Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Herodotus Trojan Mimics Human Typing to Steal Banking Credentials

  A newly discovered Android malware, Herodotus, is alarming cybersecurity experts due to its unique ability to imitate human typing. This a...

All the recent news you need to know
Data
AI APT41 Cloud Cyber Security Data

Chinese Hackers Attack Prominent U.S Organizations


Chinese cyber-espionage groups attacked U.S organizations with links to international agencies. This has now become a problem for the U.S, as state-actors from China keep attacking.  Attackers were trying to build a steady presence inside the target network.

Series of attacks against the U.S organizations 

Earlier this year, the breach was against a famous U.S non-profit working in advocacy, that demonstrated advanced techniques and shared tools among Chinese cyber criminal gangs like APT41, Space Pirates, and Kelp.

They struck again in April with various malicious prompts checking both internal network breach and internet connectivity, particularly targeting a system at 192.0.0.88. Various tactics and protocols were used, showing both determination and technical adaptability to get particular internal resources.

Attack tactics 

Following the connectivity tests, the hackers used tools like netstat for network surveillance and made an automatic task via the Windows command-line tools.

This task ran a genuine MSBuild.exe app that processed an outbound.xml file to deploy code into csc.exe and connected it to a C2 server. 

These steps hint towards automation (through scheduled tasks) and persistence via system-level privileges increasing the complexity of the compromise and potential damage.

Espionage methods 

The techniques and toolkit show traces of various Chinese espionage groups. The hackers weaponized genuine software elements. This is called DLL sideloading by abusing vetysafe.exe (a VipreAV component signed by Sunbelt Software, Inc.) to load a malicious payload called sbamres.dll.

This tactic was earlier found in campaigns lkmkedytl Earth Longzhi and Space Pirates, the former also known as APT41 subgroup.

Coincidentally, the same tactic was found in cases connected to Kelp, showing the intrusive tool-sharing tactics within Chinese APTs.

Read more »
Svenska Kraftnät
Critical Infrastructure Cyber Threats Cybersecurity Data Breach Everest Ransomware Network Protection Power Grid Security Ransomware attack Svenska Kraftnät

Sweden Confirms Power Grid Breach Amid Growing Ransomware Concerns

 


Swedish power grid operator, Suderland, has confirmed it is investigating a security incident related to a potential ransomware attack aimed at decrypting sensitive data as part of its ongoing cybersecurity investigation, a revelation that has stirred alarm across Europe's critical infrastructure community.

It has been revealed by Svenska kraftnät, the state-owned company in charge of ensuring the nation's electricity transmission networks, that a criminal group has threatened to release what it claims to be hundreds of gigabytes of internal data allegedly stolen from the organization's computer system in order to sell it to the public. It appears, based on initial findings, that the breach occurred solely through a limited external file transfer platform, and officials stressed that the electricity supply and core grid of Sweden have not been affected.

In spite of this, the revelation has raised alarm about the threat to critical energy infrastructure from cyber extortion, which has increased as authorities continue to figure out exactly how extensive and damaging the cyber extortion attack has been. A breach which took place on October 26, 2025, reverberated throughout the cybersecurity landscape across Europe, highlighting the fragility of digital defences protecting critical infrastructure for the first time. 

In response to claims made by the notorious Everest ransomware group, Sweden's government-owned electricity transmission company, which plays a crucial role in the stability of the country's power grid, confirmed a data compromise had been confirmed by Svenska kraftnät. In spite of the fact that the full scope of the intrusion is still being investigated, early indications suggest that the attackers may have obtained or exfiltrated sensitive internal data as part of the intrusion. 

It has been reported that the Everest group, notorious for coordinated extortion campaigns and sophisticated methods of network infiltration, has publicly accepted responsibility, increasing scrutiny of both national and international cybersecurity authorities. Such attacks on critical national infrastructure (CNI), according to experts, have far-reaching consequences, threatening both operational continuity as well as economic stability and public confidence, among others. 

It has rekindled the need to strengthen cyber resilience frameworks, to collaborate on threat intelligence, and to increase vigilance across essential service providers to prevent similar disruptions in the future. Despite the intrusion, officials have assured that the nation's power transmission and supply operations remain fully operational, with no signs that mission-critical infrastructure will be affected by the intrusion. 

The extent to which the organisation has been compromised is still being investigated while securing affected systems and assessing the nature of the leaked information. In spite of the fact that it is still uncertain to what extent the breach has affected the organisation, early reports suggest that around 280 gigabytes of internal data may have been stolen. An established cybercrime group known as Everest has claimed responsibility for the recent attack on Svenska Kraftnät, and they have listed Svenska Kraftnät among their victims on a Tor-based data leak website, which was launched in late 2020. 

A notorious group for extortion and cyberattacks, the group has been previously linked to high-profile incidents such as Collins Aerospace's cyberattack, which disrupted operations at several European airports as a result. Despite the increasing boldness of ransomware actors to attack key entities of national infrastructure, the latest claim against Sweden's key power operator is a clear indication of what is happening. 

In the process of investigating the incident, Svenska kraftnät continues to maintain close coordination with law enforcement and cybersecurity agencies to identify the perpetrators and mitigate further risks. Despite the fact that this incident has been isolated, it is nonetheless an indication of the escalating cyber threat landscape affecting critical infrastructure providers, where even isolated system failures can pose significant risks to national stability and public confidence. 

Svenska kraftnät has confirmed to the media that Cem Göcgoren, Head of Information Security at Svenska kraftnät, is leading a comprehensive forensic investigation to determine the nature and extent of the data compromised during the cyberattack, as well as to assess the level of damage that has been caused. It has been determined that the breach of security did not affect Sweden's transmission or distribution systems, with officials reassuring that the country's electricity systems should continue to operate uninterrupted during the investigation. 

The aforementioned distinction highlights that the attackers probably targeted administrative or corporate data, not the systems responsible for managing real-time power flo,whichat are responsible for preventing potential disruptions from occurring, which is a critical factor in preventing potentially severe damagSvenska kraftnät must informrms the national law enforcement authorities of the intrusion immediately after it discovers the intrusion and coordinates with the appropriate government agencies to safeguard the infrastructure and cybersecurity of the network. 

As a result of the swift escalation, power grid operators are becoming increasingly regarded as prime targets by ransomware groups, given the strategic and economic leverage they hold. There is a known ransomware gang, Everest, that has claimed responsibility for the attack. This group is notorious for its "double extortion" tactics, in which they encrypt the data of victims while simultaneously threatening to publish the stolen files in the absence of the ransom payment. 

According to cybersecurity experts, this incident has served to underscore the importance of vigilant security governance within critical infrastructure sectors. In terms of countermeasures, it is recommended that robust incident response protocols be activated, as well as users be isolated from compromised systems, and detailed forensic assessments be conducted in order to identify vulnerabilities exploited during the breach. 

The strengthening of the defenders through multi-factor authentication, network segmentation, and the disciplined management of patches is of utmost importance at this time, especially as ransomware operators target flaws in enterprise software products such as VMware vCenter and Ivanti software with increasing frequency. Furthermore, keeping immutable offline backups, making employees aware of phishing and social engineering threats, and leveraging real-time threat intelligence can all help to strengthen resilience against similar attacks in the future. 

Thus, the Svenska kraftnät breach serves both as a warning and a lesson in the ongoing fight against the cyberattacks of modern societies, both in the sense that they serve as a warning and a lesson. In the energy sector, the incident serves as a defining reminder that cybersecurity is no longer only a technical issue, but is also a matter of national resilience. With ransomware actors becoming more sophisticated and audacious, power grid operators have to take a proactive approach and move from reactive defence to predictive intelligence - by adopting continuous monitoring and zero-trust architectures, as well as collaborating with multiple agencies to strengthen digital ecosystems. 

Aside from immediate containment efforts, it will be essential to invest in cybersecurity training, international alliances for information sharing, and next-generation defence technologies to prevent future cyber threats. While alarming, the Svenska kraftnät breach presents a unique opportunity for governments and industries alike to strengthen their digital trust and operational stability by using this breach.
Read more »
Vision Pro
Meta News Smart Glasses Technology Vision Pro

Privacy Laws Struggle to Keep Up with Meta’s ‘Luxury Surveillance’ Glasses


Meta’s newest smart glasses have reignited concerns about privacy, as many believe the company is inching toward a world where constant surveillance becomes ordinary. 

Introduced at Meta’s recent Connect event, the glasses reflect the kind of future that science fiction has long warned about, where everyone can record anyone at any moment and privacy nearly disappears. This is not the first time the tech industry has tried to make wearable cameras mainstream. 

More than ten years ago, Google launched Google Glass, which quickly became a public failure. People mocked its users as “Glassholes,” criticizing how easily the device could invade personal space. The backlash revealed that society was not ready for technology that quietly records others without their consent. 

Meta appears to have taken a different approach. By partnering with Ray-Ban, the company has created glasses that look fashionable and ordinary. Small cameras are placed near the nose bridge or along the outer rims, and a faint LED light is the only sign that recording is taking place. 

The glasses include a built-in display, voice-controlled artificial intelligence, and a wristband that lets the wearer start filming or livestreaming with a simple gesture. All recorded footage is instantly uploaded to Meta’s servers. 

Even with these improvements in design, the legal and ethical issues remain. Current privacy regulations are too outdated to deal with the challenges that come with such advanced wearable devices. 

Experts believe that social pressure and public disapproval may still be stronger than any law in discouraging misuse. As Meta promotes its vision of smart eyewear, critics warn that what is really being made normal is a culture of surveillance. 

The sleek design and luxury branding may make the technology more appealing, but the real risk lies in how easily people may accept being watched everywhere they go.
Read more »
Personal Data
cybersecurity threat Data Breach Data Leak Data protection data security Defence Ministry Personal Data

Afghans Report Killings After British Ministry of Defence Data Leak

 

Dozens of Afghans whose personal information was exposed in a British Ministry of Defence (MoD) data breach have reported that their relatives or colleagues were killed because of the leak, according to new research submitted to a UK parliamentary inquiry. The breach, which occurred in February 2022, revealed the identities of nearly 19,000 Afghans who had worked with the UK government during the war in Afghanistan. It happened just six months after the Taliban regained control of Kabul, leaving many of those listed in grave danger. 

The study, conducted by Refugee Legal Support in partnership with Lancaster University and the University of York, surveyed 350 individuals affected by the breach. Of those, 231 said the MoD had directly informed them that their data had been compromised. Nearly 50 respondents said their family members or colleagues were killed as a result, while over 40 percent reported receiving death threats. At least half said their relatives or friends had been targeted by the Taliban following the exposure of their details. 

One participant, a former Afghan special forces member, described how his family suffered extreme violence after the leak. “My father was brutally beaten until his toenails were torn off, and my parents remain under constant threat,” he said, adding that his family continues to face harassment and repeated house searches. Others criticized the British government for waiting too long to alert them, saying the delay had endangered lives unnecessarily.  

According to several accounts, while the MoD discovered the breach in 2023, many affected Afghans were only notified in mid-2025. “Waiting nearly two years to learn that our personal data was exposed placed many of us in serious jeopardy,” said a former Afghan National Army officer still living in Afghanistan. “If we had been told sooner, we could have taken steps to protect our families.”  

Olivia Clark, Executive Director of Refugee Legal Support, said the findings revealed the “devastating human consequences” of the government’s failure to protect sensitive information. “Afghans who risked their lives working alongside British forces have faced renewed threats, violent assaults, and even killings of their loved ones after their identities were exposed,” she said. 

Clark added that only a small portion of those affected have been offered relocation to the UK. The government estimates that more than 7,300 Afghans qualify for resettlement under a program launched in 2024 to assist those placed at risk by the data breach. However, rights organizations say the scheme has been too slow and insufficient compared to the magnitude of the crisis.

The breach has raised significant concerns about how the UK manages sensitive defense data and its responsibilities toward Afghans who supported British missions. For many of those affected, the consequences of the exposure remain deeply personal and ongoing, with families still living under threat while waiting for promised protection or safe passage to the UK.
Read more »
Technology
AI Alphabet Meta Microsoft Technology

Tech Giants Pour Billions Into AI Race for Market Dominance

 

Tech giants are intensifying their investments in artificial intelligence, fueling an industry boom that has driven stock markets to unprecedented heights. Fresh earnings reports from Meta, Alphabet, and Microsoft underscore the immense sums being poured into AI infrastructure—from data centers to advanced chips—despite lingering doubts about the speed of returns.

Meta announced that its 2025 capital expenditures will range between $70 billion and $72 billion, slightly higher than its earlier forecast. The company also revealed plans for substantially larger spending growth in 2026 as it seeks to compete more aggressively with players like OpenAI.

During a call with analysts, CEO Mark Zuckerberg defended Meta’s aggressive investment strategy, emphasizing AI’s transformative potential in driving both new product development and enhancing its core advertising business. He described the firm’s infrastructure as operating in a “compute-starved” state and argued that accelerating spending was essential to unlocking future growth.

Alphabet, parent to Google and YouTube, also raised its annual capital spending outlook to between $91 billion and $93 billion—up from $85 billion earlier this year. This nearly doubles what the company spent in 2024 and highlights its determination to stay at the forefront of large-scale AI development.

Microsoft’s quarterly report similarly showcased its expanding investment efforts. The company disclosed $34.9 billion in capital expenditures through September 30, surpassing analyst expectations and climbing from $24 billion in the previous quarter. CEO Satya Nadella said Microsoft continues to ramp up AI spending in both infrastructure and talent to seize what he called a “massive opportunity.” He noted that Azure and the company’s broader portfolio of AI tools are already having tangible real-world effects.

Investor enthusiasm surrounding these bold AI commitments has helped lift the share prices of all three firms above the broader S&P 500 index. Still, Wall Street remains keenly interested in seeing whether these heavy capital outlays will translate into measurable profits.

Bank of America senior economist Aditya Bhave observed that robust consumer activity and AI-driven business investment have been the key pillars supporting U.S. economic resilience. As long as the latter remains strong, he said, it signals continued GDP growth. Despite an 83 percent profit drop for Meta due to a one-time tax charge, Microsoft and Alphabet reported profit increases of 12 percent and 33 percent, respectively.
Read more »
organisations
Atroposia DNS Hijacking Hacking malware Malware Trojan organisations

Atroposia Malware Offers Attackers Built-In Tools to Spy, Steal, and Scan Systems

 




Cybersecurity researchers have recently discovered a new malware platform known as Atroposia, which is being promoted on dark web forums as a subscription-based hacking toolkit. The platform offers cybercriminals a remote access trojan (RAT) that can secretly control computers, steal sensitive data, and even scan the infected system for security flaws, all for a monthly payment.

Researchers from Varonis, a data protection firm, explained that Atroposia is the latest example of a growing trend where ready-to-use malware services make advanced hacking tools affordable and accessible, even to attackers with little technical expertise.


How Atroposia Works

Atroposia operates as a modular program, meaning its users can turn individual features on or off depending on what they want to achieve. Once installed on a device, it connects back to the attacker’s command-and-control (C2) server using encrypted communication, making it difficult for defenders to detect its activity.

The malware can also bypass User Account Control (UAC), a security layer in Windows designed to prevent unauthorized changes, allowing it to gain full system privileges and remain active in the background.

Those who purchase access, reportedly priced at around $200 per month unlock a wide set of tools. These include the ability to open a hidden remote desktop, steal files, exfiltrate data, capture copied text, harvest credentials, and even interfere with internet settings through DNS hijacking.

One of the most distinctive parts of Atroposia is its HRDP Connect module, which secretly creates a secondary desktop session. Through this, attackers can explore a victim’s computer, read emails, open apps, or view documents without the user noticing anything unusual. Because the interaction happens invisibly, traditional monitoring systems often fail to recognize it as remote access.

The malware also provides an Explorer-style file manager, which lets attackers browse, copy, or delete files remotely. It includes a “grabber” feature that can search for specific file types or keywords, automatically compress the selected items into password-protected ZIP archives, and transmit them directly from memory leaving little trace on the device.


Theft and Manipulation Features

Atroposia’s data-theft tools are extensive. Its stealer module targets saved logins from browsers, chat records, and even cryptocurrency wallets. A clipboard monitor records everything a user copies, such as passwords, private keys, or wallet addresses, storing them in an easily accessible list for the attacker.

The RAT also uses DNS hijacking at the local machine level. This technique silently redirects web traffic to malicious sites controlled by the attacker, making it possible to trick victims into entering credentials on fake websites, download malware updates, or expose their data through man-in-the-middle attacks.


A Built-In Vulnerability Scanner

Unlike typical RATs, Atroposia comes with a local vulnerability scanner that automatically checks the system for weak spots, such as missing security patches, outdated software, or unsafe configurations. It generates a score to show which issues are easiest to exploit.

Researchers have warned that this function poses a major threat to corporate networks, since it can reveal unpatched VPN clients or privilege escalation flaws that allow attackers to deepen their access or spread across connected systems.

Security experts view Atroposia as part of a larger movement in the cybercrime ecosystem. Services like SpamGPT and MatrixPDF have already shown how subscription-based hacking tools lower the technical barrier for attackers. Atroposia extends that trend by bundling reconnaissance, exploitation, and data theft into one easy-to-use toolkit.


How Users Can Stay Protected

Analysts recommend taking preventive steps to reduce exposure to such threats.

Users should:

• Keep all software and operating systems updated.

• Download programs only from verified and official sources.

• Avoid pirated or torrent-based software.

• Be cautious of unfamiliar commands or links found online.

Companies are also urged to monitor for signs such as hidden desktop sessions, unusual DNS modifications, and data being sent directly from memory, as these can indicate the presence of sophisticated RATs like Atroposia.

Atroposia’s discovery highlights the growing ease with which advanced hacking tools are becoming available. What once required high-level expertise can now be rented online, posing a serious challenge to both individual users and large organizations trying to protect their digital environments.



Read more »
Subscribe to: Comments (Atom)

Featured