Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

AutoJack Reveals New Threat to Autonomous AI Agent Security

Researchers are discovering new security threats that extend well beyond traditional prompt manipulation as artificial intelligence agents a...

All the recent news you need to know
Threat Landscape
Cyber Security Latin America Operation Escaneo Threat Landscape

Operation Escaneo Signals Shift in Latin America Cyber Threat Landscape

 

Operation Escaneo is a warning sign for Latin America’s cybersecurity ecosystem, showing that financially motivated attackers are adopting more advanced intrusion methods. The campaign, uncovered through an exposed attacker server, targeted government, financial, and critical infrastructure organizations across Mexico, with smaller activity in Ecuador and Portugal. Researchers say the operation reflects a shift in the region, where threat actors are increasingly combining opportunistic motives with sophisticated tooling. 

The attackers relied heavily on internet-facing vulnerabilities to gain entry. Reporting links the campaign to Fortinet FortiOS SSL-VPN and Ivanti Connect Secure flaws, along with other exploits involving Apache Tomcat, Windows, and Log4Shell. Rather than depending on a single vulnerability, the group appears to have built a flexible intrusion chain that could adapt to different environments, increasing its chances of success and making defense more difficult. 

Once inside, the operation used multiple layers of persistence and control. CloudSEK’s findings, as summarized by Infosecurity Magazine, describe Neo-reGeorg webshells, Chisel reverse tunnels, and even a compromised Cisco router configured with a GRE tunnel to maintain access. These methods helped the attackers stay connected while blending into normal traffic, a tactic that can evade host-based security tools and delay detection. 

The damage was not limited to access alone. Analysts reported large-scale theft of sensitive data, including personal records, Active Directory maps, SSL private keys, SAP service-account hashes, and browser-stored passwords. That level of exposure creates serious risks for identity abuse, lateral movement, and further compromise, especially in public-sector and financial environments where trust and encryption keys are critical assets.

Operation Escaneo is a reminder that Latin American defenders should prioritize patching perimeter appliances, monitoring for unusual tunneling activity, and limiting the spread of privileged credentials. The campaign’s scale and tradecraft suggest that regional attackers are moving closer to APT-level capability, with the potential to disrupt operations far beyond the initial breach.
Read more »
Data Safety User Data
ai browser AI technology Browser Security Browser Session Hijacking Chrome Extensions Critical Flaws Cyber Security Data Safety User Data

Critical Flaws in SiderAI and MaxAI Chrome Extensions Expose Millions to Browser Hijacking

 

Over ten million people might face major online threats following the discovery of severe weaknesses in two common AI-based Chrome add-ons, SiderAI and MaxAI. Though designed to assist with summaries and automated tasks, these tools were found carrying dangerous bugs - dubbed “Spyder” and “MaXSS” - by analysts at Rebora Security during a routine check of such software. Once exploited, either flaw lets unauthorized parties hijack active browsing activities. 

Information saved on sites, along with files on personal devices, may become reachable without permission. While built for convenience through side panels and smart responses, their broad adoption across Chromium-linked browsers amplifies how far harm could spread. Despite appearing helpful, the underlying structure allows invasive access when misused. One of the leading tools on the Chrome Web Store, SiderAI sits in the top quarter of all extensions by popularity. 

A recent analysis revealed flaws in how SiderAI and MaxAI managed data flow between sites and their inner workings, especially involving content scripts. Although these scripts should serve as controlled messengers - keeping site code apart from backend logic - the boundaries blurred in practice. Messages sent by web pages entered without sufficient checks. Because verification steps were missing, untrusted inputs could move deeper into the system than intended. A flaw in MaxAI allowed harmful sites to transmit manipulated data directly to its content script. 

Though meant to relay information, the system passed these signals onward - into the background process - with little checking. Because of this gap, unauthorized users gained access to powerful functions. Hidden tabs appeared without warning, snapshots of screens were captured, site interactions occurred - all while riding on logged-in accounts. Security weakened when trust was misplaced across internal components. Testing revealed researchers gaining entry to live Gmail and Google Calendar sessions, pulling confidential data while leaving no trace. 

What made the Spyder vulnerability in SiderAI alarming was its ability to mimic real user behavior - clicks, typing - all within integrated browser windows. A compromised site, using this loophole, might load Google Gemini unseen, harvest ongoing AI dialogues, then send them outward. Detection during such an event remained unlikely. What happens because of these flaws goes well past messages or chat tools. 

Through them, hackers might grab login codes, see private correspondence, change files, while acting like the victim on many sites. Sometimes, the broad access given to such add-ons lets intruders reach data saved directly on a person's device. What stands out most is how little effort an attacker needs - just opening a harmful webpage can trigger the flaw. Because of this low barrier, threats can spread fast without clear signs. 

After uncovering the problem, Rebora Security reached out to the creators of the affected tools; silence followed. With no reply, the details eventually appeared online, while a heads-up also went to Google. Should SiderAI or MaxAI appear in a user's browser, removal is urgent. This case brings attention to rising risks tied to artificial intelligence add-ons - especially those collecting sensitive online behavior. 

When apps gain deep access to personal information, careful review of their privileges becomes unavoidable. Security grows more complex as these tools spread across everyday browsing routines.
Read more »
Technology
AI CISO Cyber Threats Cybersecurity ISSA Technology

Cybersecurity Leaders Face Growing Workloads as AI Changes the Job

 



The responsibilities placed on cybersecurity leaders are becoming increasingly difficult to manage as organizations face a growing number of cyber threats, rapid adoption of artificial intelligence technologies, and increasing demands for security oversight across the business.

A recent survey conducted by the Information Systems Security Association (ISSA) International and research firm Omdia found that 68% of cybersecurity and IT professionals believe their jobs are more difficult today than they were two years ago. More than half of respondents reported heavier workloads and greater operational complexity (55%), while 52% said the volume and intensity of cyber threats have become more overwhelming.

Security teams are being asked to protect increasingly complex digital environments while also helping organizations adopt new technologies such as generative AI. At the same time, many security leaders say they are struggling to secure sufficient support from other parts of the business.

According to Shawn Murray, former president of ISSA and a fractional Chief Information Security Officer (CISO), many security executives regularly work long hours while attempting to address security concerns that are often introduced without their involvement. In some organizations, new technologies are adopted before security teams are included in planning discussions, creating additional challenges for risk management and governance.

As a result, some experienced CISOs are leaving traditional full-time leadership positions and choosing consulting or fractional roles instead. These arrangements allow security professionals to work with multiple organizations while focusing on businesses that are willing to involve cybersecurity leaders in strategic decision-making.

While legal accountability was once considered one of the largest concerns facing CISOs, the survey suggests that anxiety around personal liability has become less prominent than in previous years. Instead, many respondents identified the security implications of artificial intelligence as one of the most significant new sources of pressure.

AI has created both opportunities and challenges for cybersecurity teams. One growing concern is the rise of "shadow AI," where employees begin using AI tools and services without notifying security teams or obtaining formal approval. Similar issues emerged during the early stages of cloud adoption, when departments could deploy new services independently without providing visibility to cybersecurity staff.

This lack of visibility can create greater security gaps. When security teams do not know which AI applications, models, or processes are being used across an organization, it becomes more difficult to identify risks, monitor suspicious activity, and respond effectively to potential incidents.

Despite these concerns, cybersecurity professionals are increasingly interested in using AI to improve their own operations. The survey found that 37% of respondents are already using AI-powered tools to address cybersecurity challenges, while another 46% plan to adopt such technologies in the future.

Among the most common use cases identified by respondents were automated cybersecurity assessments, software testing, predictive risk analysis, and threat detection. These capabilities could help security teams reduce manual workloads and process large volumes of security data more efficiently.

Alex Hutton, CISO at Atlantic Union Bank, noted that the cybersecurity environment has changed significantly in recent years. Whether organizations fully embrace advanced AI systems or not, security professionals must continuously learn about new technologies, understand emerging risks, and adapt their security strategies accordingly.

The survey also highlighted a notable shift in how organizations obtain cybersecurity leadership. The percentage of companies employing full-time CISOs declined from 76% in 2024 to 63%, while the use of fractional CISOs increased from 6% to 15% over the same period.

Industry observers believe this trend reflects growing demand for cybersecurity expertise rather than a reduction in the importance of the CISO role. Many small and mid-sized organizations face the same security, compliance, and governance challenges as larger enterprises but often lack the budget required to hire a full-time executive.

Cyber insurance requirements are also contributing to demand for experienced security leadership. Organizations are increasingly expected to demonstrate strong cybersecurity practices and effective risk management controls before obtaining coverage or meeting insurer requirements. CISOs frequently play a central role in helping businesses assess risks, improve security programs, and document compliance efforts.

According to Hutton, the rise of fractional and virtual CISOs provides organizations with access to executive-level security guidance without requiring a full-time appointment. Rather than signaling the decline of cybersecurity leadership positions, the change may represent an expansion of cybersecurity services to organizations that previously could not afford dedicated executive expertise.

As cyber threats continue to grow and AI reshapes business operations, cybersecurity leaders are expected to remain critical decision-makers. However, the role itself is changing, requiring security professionals to balance technical oversight, business strategy, regulatory expectations, and emerging technologies in an increasingly demanding environment.

Read more »
European Union
Cyber Networks cyber resilience Cyber Security Cyberattacks Cybersecurity Precautions EU European Union

Ukraine Joins EU Cybersecurity Reserve to Strengthen Cyber Resilience and Emergency Response

 

Now able to tap into the EU’s emergency cyber network, Ukraine joins a support framework cleared by the Council of the European Union. When overwhelming cyberattacks strike, help may come faster because Kyiv can formally seek aid beyond what it handles alone. Specialized teams and resources from across the bloc stand ready, activated through shared crisis procedures. 

This link strengthens real-time defense options amid severe digital threats. Help arrives via the EU Cybersecurity Reserve, run by ENISA - the European Union’s cybersecurity agency. Born from the Cyber Solidarity Act, it lets member nations turn to vetted private experts if local teams cannot keep up. As attacks grow more complex, ties in tech defense strengthen between the bloc and Ukraine. Their collaboration now includes shared readiness against online risks. 

If a cyberattack overwhelms Ukraine’s internal resources, it can officially trigger emergency support through the framework. When that happens, digital security specialists from various European nations might step in to help control, examine, and recover systems. Officials view this measure as one piece of wider work aimed at boosting readiness, speeding up reactions, and building stronger collaboration amid rising complexity in online attacks. 

Though cyber threats grow more frequent, unity among nations strengthens defenses. Because attacks target government systems, companies, and vital services, joint efforts matter more now. The European Commission views this move as a step toward stronger cooperation. When one country acts alone, risks rise - yet shared knowledge reduces vulnerability. As digital dangers spread, responses must shift from isolated attempts to unified strategies. Now ranking as the second non-EU nation within the reserve, Ukraine follows Moldova’s inclusion during 2024. 

That year, rising cyber threats tied to Russian activity prompted Moldova’s entry. Seen by European authorities as pivotal for regional collaboration on digital security, its involvement highlights ongoing efforts. Resilience in cyberspace continues shaping how the EU engages nearby states. Progress here reflects broader aims, yet depends heavily on real-time readiness. Besides tackling cyber threats, the European Union now works more closely with Moldova on various digital fronts. 

Recently, an accord was reached politically, paving the way for Moldova’s entry into the EU Roaming Zone - pending official approval. Should it pass, people from both regions could make calls, send messages, or access data while traveling, free of extra fees. Now operating within the EU Third Countries’ Trusted List, Moldova streamlines how electronic signatures and digital seals are recognized across entities and individuals. 

Backed by EU funding, a fresh node of the European Digital Media Observatory - named FACT - emerges to counter disinformation and external manipulation efforts. Now comes news on cyber defense, right after fresh progress in how the EU engages Ukraine and Moldova. Talks to join the bloc officially started, backed unanimously by national leaders lately. 

Marking the moment, Commission head Ursula von der Leyen called it a turning point - not just symbolic, but rooted in real changes made amid hardship. Her view: this step shows lasting support for peace, resilience, and shared effort where it matters most. 

Now more shielded, Ukraine taps into the EU Cybersecurity Reserve, linking efforts with European allies when large-scale digital threats emerge. This cooperation builds lasting strength in facing future attacks, not just immediate fixes. Through shared response channels, new stability takes root beyond borders. Long-term readiness grows quietly but steadily from such joint undertakings.
Read more »
Telegram Ban
Mobile Security NEET UG NTA Paper Leak Telegram Ban

India Temporarily Bans Telegram Ahead of NEET UG 2026 Re-Exam to Curb Fraud

 

India has temporarily restricted Telegram ahead of the NEET UG 2026 re-examination, as authorities move to curb exam fraud and protect the integrity of one of the country’s most important medical entrance tests. The decision has drawn attention because Telegram is widely used for communication, study groups, and information sharing, making the restriction both significant and controversial. 

The action was taken after the National Testing Agency recommended stronger controls amid concerns that organized cheating groups were exploiting the app to circulate question papers and misleading claims. Officials said the temporary ban is intended to stop candidates from being targeted by fraud networks that can spread manipulated content quickly during a high-stakes exam period. 

Under the order, access to Telegram in India is restricted until June 22, 2026, covering the exam day and the immediate aftermath. Authorities also directed the company to disable its message-editing feature in India until June 30, 2026, saying that feature had allegedly been misused to make old posts look like proof of a paper leak. 

The measure has sparked debate because Telegram is used not only for illicit activity but also for legitimate education, work, and community communication. Telegram has reportedly challenged the decision in court, while the Delhi High Court upheld the government’s temporary block on June 19, citing emergency grounds and compliance with the law. 

The broader issue goes beyond one app: exam leaks and digital fraud are becoming harder to control as messaging platforms, edited content, and anonymous groups make false claims easier to spread. For students, the immediate focus is on the re-exam schedule, but for policymakers, the case is a reminder that future exam security may require faster monitoring, tighter platform cooperation, and clearer digital enforcement rules.
Read more »
spear phishing
BYOVD Attack Inc ransomware LockBit malware Ransomware spear phishing

INC Ransomware Climbs Into Top Tier of Cybercrime Operations, Surpasses 830 Victims

 



The ransomware operation known as INC has grown into one of the most active cybercrime groups of 2026, with security researchers linking it to more than 830 victims since it first appeared in August 2023.

According to researchers at Acronis, the group's rise coincided with disruptions affecting major ransomware brands such as LockBit and BlackCat. As affiliates sought alternative platforms, INC appears to have benefited from that shift. More than 65% of the victims listed by the group are based in the United States, with legal firms, healthcare providers, manufacturers, construction companies, and technology organizations among the most frequently targeted sectors.

Researchers also observed major changes to the ransomware itself. INC's malware for Windows and Linux/VMware ESXi systems has been rewritten in Rust, a programming language increasingly adopted by malware developers because it supports multiple operating systems and can complicate reverse-engineering efforts.

The group's toolkit has expanded as well. Recent attacks have involved a credential-stealing utility capable of extracting authentication data from newer Veeam backup deployments that use salted DPAPI encryption. Access to backup infrastructure can give attackers valuable credentials while also making recovery efforts more difficult for victims.

Acronis noted that the sale of INC's Windows and Linux ransomware variants on underground cybercrime forums in May 2024 contributed to the appearance of related ransomware families, including Lynx and Sinobi. Researchers identified significant code similarities between the groups.

Investigators found that INC affiliates rely on several entry points to compromise networks, including spear-phishing campaigns, credentials purchased from Initial Access Brokers (IABs), and the exploitation of publicly exposed systems running vulnerable versions of Citrix NetScaler, Fortinet EMS, and SimpleHelp software.

Once inside a network, attackers harvest credentials, move between systems using legitimate administrative tools such as RDP and PsExec, and attempt to weaken security controls through a technique known as Bring Your Own Vulnerable Driver (BYOVD). Researchers observed the use of vulnerable drivers including filwfp.sys, filnk.sys, and fildds.sys. The group also deploys tools such as Cobalt Strike, AnyDesk, ScreenConnect, and TeamViewer to maintain access and control compromised environments.

Before encryption begins, stolen files are collected and transferred using Rclone, often after being packaged into password-protected archives. The ransomware then encrypts systems using multithreading and partial-encryption techniques to speed up the process. When launched against VMware ESXi environments, the malware can also attempt to shut down virtual machines.

Data from ZeroFox ranked INC as the fourth most active ransomware operation during the first quarter of 2026, recording more than 120 incidents. Researchers said the group's growth demonstrates how ransomware operators can build large-scale campaigns using widely available tools, stolen credentials, and unpatched systems rather than relying on highly specialized malware.

Read more »
Subscribe to: Posts (Atom)

Featured