
ASF Rejects Akira Breach Claims Against Apache OpenOffice


Apache OpenOffice, an open-source office suite project maintained by the Apache Software Foundation (ASF), is currently disputing claims of a significant data breach allegedly perpetrated by the Akira ransomware gang. 

On October 30, 2025, Akira published a post on its data leak site asserting that it had compromised Apache OpenOffice and exfiltrated 23 GB of sensitive corporate documents, including employee personal information—such as home addresses, phone numbers, dates of birth, driver’s licenses, social security numbers, and credit card data—as well as financial records and internal confidential files. The group further claimed it would soon release these documents publicly.

Responding publicly, the ASF refutes the claims, stating it has no evidence that its systems have been compromised or that a breach has occurred. According to ASF representatives, the data types described by Akira do not exist within the Foundation’s infrastructure. Importantly, the ASF points out the open-source nature of the project: there are no paid employees associated with Apache OpenOffice or the Foundation, and therefore, sensitive employee information as specified by Akira is not held by ASF. 

All development activities, bug tracking, and feature requests for the software are managed openly and transparently, primarily through public developer mailing lists. Thus, any internal reports or application issues cited in the alleged leak are already available in the public domain.

ASF further emphasized its strong commitment to security and clarified that, as of November 4, 2025, it had received no ransom demands directed at either the Foundation or the OpenOffice project. The Foundation has initiated an internal investigation to fully assess the veracity of Akira’s claims but, so far, has found no supporting evidence. 

The Foundation has not contacted law enforcement or external cybersecurity experts, signalling that the incident is being treated as an unsubstantiated claim. As of the time of publication, none of the purported stolen data has surfaced on the Akira leak site, leaving ASF's assertion unchallenged.

This dispute highlights the increasingly common tactic among ransomware operators of leveraging publicity and unsubstantiated claims to pressure organizations, even when the technical evidence does not support their assertions. For now, ASF continues to reassure users and contributors that Apache OpenOffice remains uncompromised, and stresses the transparency inherent in open-source development as a key defense against misinformation and data exfiltration claims.

How Spyware Steals Your Data Without You Knowing About It


You might not be aware that your smartphone has spyware, which poses a risk to your privacy and personal security. However, what exactly is spyware? 

This type of malware, often presented as a trustworthy mobile application, has the potential to steal your data, track your whereabouts, record conversations, monitor your social media activity, take screenshots of your activities, and more. It can end up on your phone through phishing, a fake mobile application, or a once-trusted app that was updated over the air and turned into an information stealer.

Types of malware

Nuisanceware

Legitimate apps are frequently bundled with nuisanceware. It modifies your homepage or search engine settings, interrupts your web browsing with pop-ups, and may collect your browsing information to sell to advertising networks and agencies.

Nuisanceware is typically not harmful or a threat to your fundamental security, although it is classed as malvertising. Rather, most of these packages focus on generating revenue by persuading users to view or click on advertisements.

Generic mobile spyware

There is also generic mobile spyware. This type of malware collects information from the operating system and clipboard, along with potentially valuable items such as account credentials or bitcoin wallet data. It is not always targeted; spray-and-pray phishing campaigns may deliver it.

Stalkerware

Advanced spyware, as distinct from simple spyware, is sometimes also referred to as stalkerware. This unethical and frequently harmful spyware can occasionally be found on desktop computers but is increasingly installed on phones.

The infamous Pegasus

Lastly, there is government-grade commercial spyware. One of the best-known variants is Pegasus, which is sold to governments as a tool for law enforcement and counterterrorism.

Pegasus has been discovered on smartphones owned by lawyers, journalists, activists, and political dissidents. Commercial-grade spyware is unlikely to affect you unless you belong to a group that governments with questionable ethics take a particular interest in, because it is expensive and requires careful victim selection and targeting.

How to know if spyware is on your phone

There are signs that you may be the target of a spyware or stalkerware operator.

Receiving strange or unexpected emails or messages on social media could be a sign of a spyware infection attempt. You should remove these without downloading any files or clicking any links.

Microsoft Teams’ New Location-Based Status Sparks Major Privacy and Legal Concerns


Microsoft Teams is preparing to roll out a new feature that could significantly change how employee presence is tracked in the workplace. By the end of the year, the platform will be able to automatically detect when an employee connects to the company’s office Wi-Fi and update their status to show they are working on-site. This information will be visible to both colleagues and supervisors, raising immediate questions about privacy and legality. Although Microsoft states that the feature will be switched off by default, IT administrators can enable it at the organizational level to improve “transparency and collaboration.” 

The idea appears practical on the surface. Remote workers may want to know whether coworkers are physically present at the office to access documents or coordinate tasks that require on-site resources. However, the convenience quickly gives way to concerns about surveillance. Critics warn that this feature could easily be misused to monitor employee attendance or indirectly enforce return-to-office mandates—especially as Microsoft itself is requiring employees living within 50 miles of its offices to spend at least three days a week on-site starting next February. 

To better understand the implications, TECHBOOK consulted Professor Christian Solmecke, a specialist in media and IT law. He argues that the feature rests on uncertain legal footing under European privacy regulations. According to Solmecke, automatically updating an employee’s location constitutes the processing of personal data, which is allowed under the GDPR only when supported by a valid legal basis. In this case, two possibilities exist: explicit employee consent or a legitimate interest on the part of the employer. But as Solmecke explains, an employer’s interest in transparency rarely outweighs an employee’s right to privacy, especially when tracking is not strictly necessary for job performance. 

The expert compares the situation to covert video surveillance, which is only permitted when there is a concrete suspicion of wrongdoing. Location tracking, if used to verify whether workers are actually on-site, falls into a similar category. For routine operations, he stresses, such monitoring would likely be disproportionate. Solmecke adds that neither broad IT policies nor standard employment contracts provide sufficient grounds for processing this type of data. Consent must be truly voluntary, which is difficult to guarantee in an employer-employee relationship where workers may feel pressured to agree. 

He states that if companies wish to enable this automatic location sharing, a dedicated written agreement would be required—one that employees can decline without negative repercussions. Additionally, in workplaces with a works council, co-determination rules apply. Under Germany’s Works Constitution Act, systems capable of monitoring performance or behavior must be approved by the works council before being implemented. Without such approval or a corresponding works agreement, enabling the feature would violate privacy law. 

For employees, the upcoming rollout does not mean their on-site presence will immediately become visible. Microsoft cannot allow employers to activate such a feature without clear employee knowledge or consent. According to Solmecke, any attempt to automatically log and share employee location inside the company would be legally vulnerable and potentially challengeable. Workers retain the right to reject such data collection unless a lawful framework is in place. 

As companies continue navigating hybrid and remote work models, Microsoft’s new location-based status illustrates the growing tension between workplace efficiency and digital privacy. Whether organizations adopt this feature will likely depend on how well they balance those priorities—and whether they can do so within the boundaries of data protection law.

Europe struggles with record-breaking spike in ransomware attacks



Europe is increasingly being targeted by ransomware groups, driving attacks to unprecedented levels as criminal operations become more industrialised and sophisticated. Threat actors have established the region as a prime hunting ground and now rely on a growing ecosystem of underground marketplaces that sell everything from Malware-as-a-Service subscriptions to stolen network access and turnkey phishing kits.

New findings from CrowdStrike's 2025 European Threat Landscape Report reveal that nearly 22 per cent of all ransomware and extortion incidents that occurred globally this year have involved European organisations. This makes Europe the second most targeted region, behind North America and ahead of Asia-Pacific.

These statistics point to a troubling shift affecting Europe's public and private networks. Cybercriminals on the continent are adopting an operating model that makes attacks easier, cheaper, and quicker to carry out, leaving thousands of organisations across the continent victims of increasingly sophisticated and financially motivated attacks.

CrowdStrike's latest analysis paints a clear picture of how heavily Europe has been affected by ransomware and extortion attacks, with the continent absorbing over 22% of all such attacks globally. As stated in the report, the UK, Germany, France, Italy, and Spain are the most frequently targeted nations. It also notes that dedicated leak site postings naming European victims have increased by nearly 13% year on year, a trend driven by groups such as Scattered Spider, which has shortened its window from initial intrusion to ransomware deployment to a mere 24 hours.

According to the study, companies in the manufacturing, professional services, technology, industrial, engineering and retail sectors remain the most heavily pursued, as prominent gangs such as Akira, LockBit, RansomHub, INC, Lynx, and Sinobi continue to dominate the landscape. Big game hunting tactics aimed at high-value enterprises remain prevalent and have intensified across the continent.

The study suggests that Europe's wide and lucrative corporate base, its complex regulatory and legal structure, and the geopolitical motivations of some threat actors make the region a target for well-funded and well-resourced e-crime operations. State-aligned threat activity continues to add an element of volatility to Europe's already troubled cyber landscape.

In the past two years, Russian operators have intensified their operations against Ukraine, combining credential phishing with intelligence gathering and disruptive attacks targeting the power grid, government, military, energy, telecommunications, and utility sectors. North Korean actors have, at the same time, expanded their reach into Europe, attacking defence, diplomatic, and financial institutions in operations that fuse classic espionage with cryptocurrency theft to finance their strategic projects.

Moreover, Chinese state-sponsored actors have been stealing valuable intellectual property from industries across eleven nations, exploiting cloud environments and software supply chains to siphon data and expand their footprint.

A number of these operations have demonstrated a sustained focus on biotechnology and healthcare, while Vixen Panda is now considered one of the most persistent threats to European government and defence organisations, emphasising the degree to which state-backed intrusion campaigns are increasing the region's risk.

There has been a dramatic acceleration in the speed at which ransomware attacks are carried out in Europe, with CrowdStrike noting that groups such as Scattered Spider have compressed their ransomware deployment cycles to unprecedented levels. The group has reduced the time between initial intrusion and full encryption from 35.5 hours in 2024 to roughly 24 hours by mid-2025, leaving defenders fewer chances to detect or contain intrusions.

eCrime actors based in Western countries, such as the United States and the United Kingdom, are developing resilient criminal networks despite active scrutiny by law enforcement. The recent arrest of four individuals by the National Crime Agency in connection with attacks on major retailers, as well as the rearrest of the four individuals for involvement in a breach at Transport for London, underscores the persistence of these groups despite coordinated enforcement efforts.

In addition to this rapid operational tempo, cybercrime has been transformed into a commodity-driven industry by a thriving underground economy. Russian- and English-speaking forums, together with encrypted messaging platforms, let threat actors exchange tools, access, and operational support with the efficiency of commercial storefronts.

Investigators observed a total of 260 initial access brokers during the review period, advertising entry points into more than 1,400 European organisations and effectively outsourcing the initial stages of a breach. Malware-as-a-service operators offer ready-made loaders, stealers, and financial malware through subscription or affiliate models, further lowering the barrier to entry.

Even after major law enforcement disruptions, including the seizure of prominent forums, many operators have continued to trade without interruption, thanks to safe-haven jurisdictions and established trust networks. Beyond eCrime, the report highlights an increasingly complex threat environment created by state-sponsored actors from Russia, China, North Korea and Iran.

Russian actors are concentrating their efforts on Ukraine, conducting credential-phishing attacks, gathering intelligence, and undertaking destructive activities targeting the military, government, energy, telecommunications, and utility sectors, while simultaneously conducting extensive espionage across NATO member countries.

To preserve plausible deniability, groups tied to Moscow have conducted extensive phishing campaigns, set up hundreds of spoofed domains, and even recruited "throwaway agents" through Telegram to carry out sabotage operations. Iranian groups continued to conduct hack-and-leak, phishing, and DDoS attacks, often masking state intent behind hacktivist personas, and stepped up their efforts as their hack-and-leak campaigns branched into the UK, Germany, and the Netherlands.

These converging nation-state operations have put European institutions under increased strategic pressure, adding geopolitical complexity to an already overloaded cyber-defence environment. The findings make clear that Europe urgently needs a more unified and forward-leaning security posture to navigate this escalating threat landscape. According to experts, traditional perimeter defences and slow incident response models are no longer adequate against actors operating at industrial speed.

Companies need to share regional intelligence, invest in continuous monitoring, and adopt AI-driven detection capabilities in order to narrow the attackers' widening advantage. Keeping up with the innovation and sophistication of criminal and state-backed adversaries is a difficult task for any organisation, but those that fail to modernise their defences run the risk of being left defenceless in an increasingly unforgiving digital battlefield.

The Subtle Signs That Reveal an AI-Generated Video



Artificial intelligence is transforming how videos are created and shared, and the change is happening at a startling pace. In only a few months, AI-powered video generators have advanced so much that people are struggling to tell whether a clip is real or synthetic. Experts say that this is only the beginning of a much larger shift in how the public perceives recorded reality.

The uncomfortable truth is that most of us will eventually fall for a fake video. Some already have. The technology is improving so quickly that it is undermining the basic assumption that a video camera captures the truth. Until we adapt, it is important to know what clues can still help identify computer-generated clips before that distinction disappears completely.


The Quality Clue: When Bad Video Looks Suspicious

At the moment, the most reliable sign of a potentially AI-generated video is surprisingly simple: poor image quality. If a clip looks overly grainy, blurred, or compressed, that should raise immediate suspicion. Researchers in digital forensics often start their analysis by checking resolution and clarity.

Hany Farid, a digital-forensics specialist at the University of California, Berkeley, explains that low-quality videos often hide the subtle visual flaws created by AI systems. These systems, while impressive, still struggle to render fine details accurately. Blurring and pixelation can conveniently conceal these inconsistencies.

However, it is essential to note that not all low-quality clips are fake. Some authentic videos are genuinely filmed under poor lighting or with outdated equipment. Likewise, not every AI-generated video looks bad. The point is that unclear or downgraded quality makes fakes harder to detect.


Why Lower Resolution Helps Deception

Today’s top AI models, such as Google’s Veo and OpenAI’s Sora, have reduced obvious mistakes like extra fingers or distorted text. The issues they produce are much subtler: unusually smooth skin textures, unnatural reflections, strange shifts in hair or clothing, or background movements that defy physics. When resolution is high, those flaws are easier to catch. When the video is deliberately compressed, they almost vanish.

That is why deceptive creators often lower a video’s quality on purpose. By reducing resolution and adding compression, they hide the “digital fingerprints” that could expose a fake. Experts say this is now a common technique among those who intend to mislead audiences.


Short Clips Are Another Warning Sign

Length can be another indicator. Because generating AI video is still computationally expensive, most AI-generated clips are short, often six to ten seconds. Longer clips require more processing time and increase the risk of errors appearing. As a result, many deceptive videos online are short, and when longer ones are made, they are typically stitched together from several shorter segments. If you notice sharp cuts or changes every few seconds, that could be another red flag.


The Real-World Examples of Viral Fakes

In recent months, several viral examples have proven how convincing AI content can be. A video of rabbits jumping on a trampoline received over 200 million views before viewers learned it was synthetic. A romantic clip of two strangers meeting on the New York subway was also revealed to be AI-generated. Another viral post showed an American priest delivering a fiery sermon against billionaires; it, too, turned out to be fake.

All these videos shared one detail: they looked like they were recorded on old or low-grade cameras. The bunny video appeared to come from a security camera, the subway couple’s clip was heavily pixelated, and the preacher’s footage was slightly zoomed and blurred. These imperfections made the fakes seem authentic.


Why These Signs Will Soon Disappear

Unfortunately, these red flags are temporary. Both Farid and other researchers, like Matthew Stamm of Drexel University, warn that visual clues are fading fast. AI systems are evolving toward flawless realism, and within a couple of years, even experts may struggle to detect fakes by sight alone. This evolution mirrors what happened with AI images, where obvious errors like distorted hands or melted faces have mostly disappeared.

In the future, video verification will depend less on what we see and more on what the data reveals. Forensic tools can already identify statistical irregularities in pixel distribution or file structure that the human eye cannot perceive. These traces act like invisible fingerprints left during video generation or manipulation.

Tech companies are now developing standards to authenticate digital content. The idea is for cameras to automatically embed cryptographic information into files at the moment of recording, verifying the image’s origin. Similarly, AI systems could include transparent markers to indicate that a video was machine-generated. While these measures are promising, they are not yet universally implemented.

Experts in digital literacy argue that the most important shift must come from us, not just technology. As Mike Caulfield, a researcher on misinformation, points out, people need to change how they interpret what they see online. Relying on visual appearance is no longer enough.

Just as we do not assume that written text is automatically true, we must now apply the same scepticism to videos. The key questions should always be: Who created this content? Where was it first posted? Has it been confirmed by credible sources? Authenticity now depends on context and source verification rather than clarity or resolution.


The Takeaway

For now, blurry and short clips remain practical warning signs of possible AI involvement. But as technology improves, those clues will soon lose their usefulness. The only dependable defense against misinformation will be a cautious, investigative mindset: verifying origin, confirming context, and trusting only what can be independently authenticated.

In the era of generative video, the truth no longer lies in what we see but in what we can verify.



AMD Confirms High-Severity RDSEED Vulnerability in Zen 5 CPUs, Mitigations Rolling Out Through Early 2026


AMD has officially acknowledged a critical flaw in the RDSEED instruction found in CPUs built on its new Zen 5 architecture, identifying it as a major security risk within the hardware random number generator. According to the company, this malfunction can cause the generator to produce keys that are not fully unpredictable, potentially exposing users to security threats.

The issue, labeled "AMD-SB-7055", has been categorized as high severity. AMD has begun releasing fixes, with the complete rollout expected to continue through January 2026 depending on CPU type. The company says mitigations are already in place for EPYC 9005 processors, while updates for consumer-focused Zen 5 models—such as the Ryzen 9000 series, AI Max 300 series, Threadripper 9000 series, and Ryzen Z2 lineup—are scheduled for November 25.

At the core of the problem is the RDSEED instruction returning "0" in a predictable way while incorrectly reporting successful operation. The flaw affects the 16-bit and 32-bit versions of RDSEED, though the 64-bit variant is said to be unaffected, with AMD not elaborating on the reason. This behavior poses a significant danger to cryptographic systems that rely on RDSEED for generating truly unpredictable keys. If the instruction fails silently, it could result in predictable patterns that attackers may exploit.

RDSEED is one of two hardware random number generation instructions commonly available in modern processors. It collects environmental entropy to produce true random values, while RDRAND, though faster, relies on a deterministic method that can be more predictable.

The vulnerability was initially identified by a Meta engineer, who described the issue on the Linux kernel mailing list (first covered by Phoronix in mid-October). Their tests showed the problem could be consistently triggered by stressing RDSEED on one CPU thread while another consumed around 90% of system memory. Soon after, Linux developers submitted a patch disabling RDSEED across all Zen 5 processors to prevent exploitation.

This is not the first RDSEED-related issue to surface on AMD hardware. Previous Zen 2-based APUs, known as Cyan Skillfish, encountered a different but similarly impactful RDSEED failure that also led to the Linux community disabling the instruction.

AMD states that AGESA microcode updates will soon address the vulnerability across all Zen 5 systems. Until those updates arrive, the company advises users to rely on the unaffected 64-bit RDSEED format or use a software-based fallback.
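A defender-side health check for the failure mode described in this advisory, added here as an example and not code from AMD, the Linux kernel or the Meta engineer: it probes RDSEED through inline assembly (GCC/clang on x86-64), classifies each draw, treats a zero returned with the carry flag set as the suspect pattern, and applies the advisory's interim advice of preferring the 64-bit form before a software fallback. The zero-rejection rule, the 16-try retry limit and the `sim_*` stand-ins are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif
#if defined(__linux__)
#include <sys/random.h>   /* getrandom(2): the software fallback */
#endif

/* CPUID leaf 7, sub-leaf 0, EBX bit 18 advertises RDSEED; non-x86-64 builds report "absent". */
bool cpu_has_rdseed(void) {
#if defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx)) return false;
    return (ebx & (1u << 18)) != 0;
#else
    return false;
#endif
}

/* One RDSEED attempt; the operand width follows the pointee type. Yields the carry flag:
 * 1 = hardware reports success. On non-x86-64 it stands in as "never succeeds". */
#if defined(__x86_64__)
#define RDSEED_STEP(out) ({ unsigned char ok_; \
    __asm__ volatile("rdseed %0; setc %1" : "=r"(*(out)), "=qm"(ok_) : : "cc"); (int)ok_; })
#else
#define RDSEED_STEP(out) (*(out) = 0, 0)
#endif
int rdseed32_step(uint32_t *out) { return RDSEED_STEP(out); }   /* an affected width per AMD */
int rdseed64_step(uint64_t *out) { return RDSEED_STEP(out); }   /* described as unaffected */

/* CF=0 is the architected "no entropy yet, retry" case. CF=1 with a value of 0 is the reported
 * failure pattern; this example treats it as a fault (assumption: a genuine 32-bit zero has
 * probability 2^-32 per draw, so rejecting it costs nothing). */
enum seed_verdict { SEED_OK, SEED_RETRY, SEED_SUSPECT_FAULT };
enum seed_verdict classify_rdseed_result(int carry, uint64_t value) {
    if (!carry) return SEED_RETRY;
    return value == 0 ? SEED_SUSPECT_FAULT : SEED_OK;
}

/* Draw n times through `step`; report how many CF=1 results there were and how many were zero.
 * A healthy source yields zeros == 0; the reported Zen 5 behaviour yields zeros == successes. */
typedef int (*step32_fn)(uint32_t *out);
size_t count_zero_successes(step32_fn step, size_t n, size_t *successes) {
    size_t zeros = 0;
    *successes = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t v;
        int cf = step(&v);
        if (classify_rdseed_result(cf, v) == SEED_RETRY) continue;
        (*successes)++;
        if (v == 0) zeros++;
    }
    return zeros;
}

/* Constructed stand-ins, not hardware: a faulty source that always answers 0 with CF=1 and a
 * healthy one that never returns 0, so the detector can be exercised on any machine. */
int sim_faulty_step(uint32_t *out) { *out = 0; return 1; }
int sim_healthy_step(uint32_t *out) {
    static uint32_t x = 0x9E3779B9u;
    *out = (x += 0x9E3779B9u) | 1u;
    return 1;
}

/* The advisory's interim advice: prefer 64-bit RDSEED (retry on CF=0, reject zero-with-CF=1),
 * otherwise fall back to the OS CSPRNG. */
bool get_seed64(uint64_t *out) {
    if (cpu_has_rdseed()) {
        for (int i = 0; i < 16; i++) {
            int cf = rdseed64_step(out);
            if (classify_rdseed_result(cf, *out) == SEED_OK) return true;
        }
    }
#if defined(__linux__)
    return getrandom(out, sizeof *out, 0) == (ssize_t)sizeof *out;
#else
    return false;
#endif
}
```

A live probe is `count_zero_successes(rdseed32_step, n, &succ)` after `cpu_has_rdseed()` returns true; any non-zero count on a 32-bit draw is the pattern the advisory describes.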
