All the recent news you need to know

LockBit Ransomware Platform Breached Again, Ops Data Leaked

 

A breach of an administration panel used by the LockBit ransomware outfit resulted in the exposure of information that can be extremely valuable to law enforcement and the cybersecurity community.

The breach was discovered on May 7, when a domain linked with a LockBit administrator panel was vandalised to display the message "Don't do crime, crime is bad xoxo from Prague". The defaced page is also linked to an archive file containing information acquired from the stolen server. 

The leaked data includes private messages exchanged between LockBit affiliates and victims, Bitcoin wallet addresses, affiliate accounts, attack specifics, and malware and infrastructure details. 

Numerous cybersecurity specialists have examined the leaked data. The Bitcoin addresses could assist law enforcement, according to Christiaan Beek, senior director of threat analytics at Rapid7. 

In addition, Luke Donovan, head of threat intelligence at Searchlight Cyber, stated how the leaked data could benefit the cybersecurity community. According to the expert, the leaked user data is most likely related to ransomware affiliates or administrators. In the publicly available data, Searchlight Cyber has found 76 entries, including usernames and passwords.

“This user data will prove to be valuable for cybersecurity researchers, as it allows us to learn more about the affiliates of LockBit and how they operate. For example, within those 76 users, 22 users have TOX IDs associated with them, which is a messaging service popular in the hacking community,” Donovan noted.

He added, “These TOX IDs have allowed us to associate three of the leaked users with aliases on hacking forums, who use the same TOX IDs. By analysing their conversations on hacking forums we’ll be able to learn more about the group, for example the types of access they buy to hack organizations.” 

Searchlight Cyber discovered 208 chats between LockBit affiliates and victims. The messages, which stretch from December 2024 to April 2025, could be "valuable for learning more about how LockBit's affiliates negotiate with their victims". Indeed, Rapid7's Beek noted that the leaked chats illustrate how active LockBit affiliates were during the ransom negotiations. 

“In some cases, victims were pressured to pay just a few thousand dollars. In others, the group demanded much more: $50,000, $60,000, or even $100,000,” Beek stated. 

As for who is responsible for the LockBit hack, Searchlight Cyber's Donovan pointed out that the defacement message is identical to the message displayed last month on the compromised website of a different ransomware outfit, Everest. 

“While we cannot be certain at this stage, this does suggest that the same actor or group was behind the hack on both of the sites and implies that this data leak is the result of infighting among the cybercriminal community,” Beek added. 

On May 8, a statement released on LockBit's breach website admitted the vulnerability of an administration panel but minimised the impact, claiming that victims' decryptors and sensitive data were unaffected. 

LockBitSupp, the mastermind behind the LockBit operation, identified by authorities as Russian national Dmitry Yuryevich Khoroshev, has stated that he is willing to pay for information on the identity of the attacker. 

Law enforcement authorities across the globe have been taking steps to disrupt LockBit, but after inflicting a severe blow last year, the cybercrime operation remains operational and poses a threat to organisations.

FBI Warns Consumers to Replace Outdated Routers Hijacked by TheMoon Malware

 

The FBI has issued an urgent warning to American consumers and businesses: replace outdated internet routers immediately or risk becoming an unwitting accomplice in cybercrime. According to the agency, cybercriminals are actively targeting “end-of-life” routers—older models that no longer receive security updates from manufacturers—and infecting them with a sophisticated variant of TheMoon malware. Once compromised, these routers are hijacked and repurposed as proxy servers that enable criminals to mask their identities while conducting illegal activities online. 

These include financial fraud, dark web transactions, and cyberattacks, all executed through unsuspecting users’ networks. Because these routers lack updated firmware and security patches, they are especially vulnerable to remote infiltration and control. TheMoon malware, which first emerged in 2014, has evolved into a more potent threat. It now scans for open ports and installs itself without requiring a password. Once embedded, it silently operates in the background, routing illicit activity and potentially spreading to other devices within the network. The malware’s stealthy behavior often leaves users unaware that their home or business network has become part of a criminal infrastructure. 

The FBI specifically warned that routers manufactured in 2010 or earlier are particularly at risk—especially if features like remote administration are still enabled. Older Linksys models such as E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, and WRT310N are listed among the most vulnerable devices. Signs of a compromised router may include overheating, unexplained changes to settings, or erratic internet connectivity. In many cases, users may not even realize their equipment is outdated, making them easy targets for attackers seeking anonymous access to the web. 

To defend against these threats, the FBI strongly advises replacing unsupported routers with modern, secure models. Users should also disable remote access functions, install the latest security patches, and use complex, unique passwords to further protect their networks. If anyone suspects their router has been hijacked or detects suspicious activity, they are encouraged to file a report with the FBI’s Internet Crime Complaint Center (IC3). 

As cybercriminals become more innovative, relying on outdated technology increases exposure to serious digital threats. This latest alert is a stark reminder that cybersecurity begins at home—and that even something as common as a router can become a gateway for criminal exploitation if not properly secured.

Google Now Scans Screenshots to Identify Geographic Locations

 


Google Maps has introduced a new feature that is already getting mixed reviews from users and making headlines around the world. Currently available on iPhones, this update allows users to scan screenshots and photographs to identify and suggest places in real time. 

However, even though the technology has the potential to make life easier, such as helping users remember places they have visited or discovering new destinations, it raises valid privacy concerns as well. Even though it is a feature powered by artificial intelligence, there is not much clarity about its exact mechanism. However, it is known that the system analyses the content of images, which is a process involving the transmission of user data across multiple servers, including personal photos. 

Currently, the feature is exclusive to iOS devices, with Android support coming shortly afterwards -- an interesting delay because Android is Google's native operating system. In fact, iPhone users have already been able to test it out by uploading older images to Google Maps and comparing them with locations that they know. 

As the update gains traction, it is likely to generate a lot of discussion regarding its usefulness and ethical implications. It has been reported that Google Maps has launched a new feature to streamline the user experience by making it easier for users to search for locations. Its functionality is currently available only for iPhones, but will soon be available for other devices as well. It allows the app to automatically detect and extract location information from screenshots taken from the device, such as the name of the place or address. 

As the location is identified, it is added to a personalised list, which allows users to return to those locations without having to type in the details manually. There is a particular benefit to using this enhancement for users who frequently take screenshots of places they intend to visit in the future, either from messages they receive from their friends and family, or from social media. As a result of this update, users no longer have to switch between their phone’s gallery and the Maps app manually to search for these places. This makes the process more seamless and intuitive since this friction has been eliminated. 

It is worth mentioning that Google's approach reflects a larger push toward automated convenience, but it also comes with several concerns about data usage and user consent in regards to this approach. In Google's opinion, the motivation behind this feature stems from a problem that many travellers face when researching destinations: keeping track of screenshots they have taken from travel blogs, social media posts, or news articles.

In most cases, these valuable bits of information get lost in the camera roll, which makes it difficult to recall or retrieve them when they are needed. Google is looking to address this by making trip planning more efficient and less stressful. With Google Maps surfacing saved spots seamlessly, users will not miss out on a must-visit location simply because it was buried among other images. 

When users authorize the app to access their photo library, it scans screenshots for recognizable place names and addresses and instantly lets them know if it finds any. If a location is recognized successfully, the app prompts the user that the place can now be reviewed and saved if they want. With this functionality, what once existed only as a passive image archive becomes an interactive tool for travel planning, providing both convenience and personal navigation. 

First, users should make sure Google Maps on their iPhone or iPad is updated to its latest version to take full advantage of the feature. Once the app is up to date, the transition from screenshot to saved destination becomes almost effortless. When users capture screenshots of websites mentioning travel destinations, whether from blogs, articles, or curated recommendation lists, the app can recognize and retrieve the location information in them. 

At the bottom of the screen, a new "Screenshots" tab appears prominently under the "You" section within the updated interface. The first time a user accesses this section, they are given a short overview of the functionality and are then prompted to grant the app access to the device's photo gallery. Granting this access allows the app to scan the images for place names and landmarks. 

Tapping the “Scan screenshots” button makes Google Maps immediately begin analysing stored screenshots to identify relevant geographical information embedded within them. Recognised locations are neatly organised into a list, allowing for selective curation. Once confirmed, these places are added to a custom list within the app. 

Each additional location becomes a central hub, offering visuals, descriptions, navigation options, and the possibility of organising them into favourites or themed lists, allowing for easy organisation. The static images that once resided in the camera roll are now transformed into a dynamic planning tool that can be accessed from anywhere. The clever combination of AI and user behavior illustrates how technology can elevate everyday habits into smarter, more intuitive experiences by incorporating AI into everyday experiences.

As a further step toward making Google Maps a hands-off experience, you can also set it up so that it will automatically scan any future screenshots you take. With access to the entire photo library, the app continuously monitors and detects new screenshots that contain location information. It then places them directly into the “Screenshots” section without having to do any manual work at all. 

Users have the option of switching this feature on or off at any time, thus giving them complete control over how much of their photo content is being analyzed at any given time. Additionally, if you would rather take a more selective approach, the feature allows you to choose specific images to scan manually, which allows you to make the most of the available features.

In this way, users can take advantage of the convenience of the tool while maintaining their level of privacy and control. As artificial intelligence continues to shape our everyday digital experiences, the new Google Maps feature stands out as one of the best examples of how to combine automation with the ability to control it. 

A smarter, more intuitive way of planning and exploring is created by turning passive screenshots into actionable insights – allowing you to discover, save, and revisit locations in a more intuitive way. This latest update marks a significant milestone in Google Maps' evolution toward smarter, more intuitive navigation tools. By bridging visual content with location intelligence, it creates an enhanced user experience that aligns with the rising demand for efficiency and automation in the industry. 

The rise of artificial intelligence continues to shape the way digital platforms function. Features like screenshot scanning emphasize the necessity to maintain user control while enhancing convenience as a result of thoughtful innovation. As a result of this upgrade, both users and industry professionals will be able to enjoy seamless, context-aware travel planning, which is a reflection of the future.

Why Microsoft Says DeepSeek Is Too Dangerous to Use

 


Microsoft has openly said that its workers are not allowed to use the DeepSeek app. This announcement came from Brad Smith, the company’s Vice Chairman and President, during a recent hearing in the U.S. Senate. He said the decision was made because of serious concerns about user privacy and the risk of biased content being shared through the app.

According to Smith, Microsoft does not allow DeepSeek on company devices and hasn’t included the app in its official store either. Although other organizations and even governments have taken similar steps, this is the first time Microsoft has spoken publicly about such a restriction.

The main worry is where the app stores user data. DeepSeek's privacy terms say that all user information is saved on servers based in China. This is important because Chinese laws require companies to hand over data if asked by the government. That means any data stored through DeepSeek could be accessed by Chinese authorities.

Another major issue is how the app answers questions. It’s been noted that DeepSeek avoids topics that the Chinese government sees as sensitive. This has led to fears that the app’s responses might be influenced by government-approved messaging instead of being neutral or fact-based.

Interestingly, even though Microsoft is blocking the app itself, it did allow DeepSeek’s AI model—called R1—to be used through its Azure cloud service earlier this year. But that version works differently. Developers can download it and run it on their own servers without sending any data back to China. This makes it more secure, at least in terms of data storage.

However, there are still other risks involved. Even if the model is hosted outside China, it might still share biased content or produce low-quality or unsafe code.

At the Senate hearing, Smith added that Microsoft took extra steps to make the model safer before making it available. He said the company made internal changes to reduce any harmful behavior from the model, but didn’t go into detail about what those changes were.

When DeepSeek was first added to Azure, Microsoft said the model had passed safety checks and gone through deep testing to make sure it met company standards.

Some people have pointed out that DeepSeek could be seen as a competitor to Microsoft’s own chatbot, Copilot. But Microsoft doesn’t block every competing chatbot. For example, Perplexity is available in the Windows app store. Still, some other popular apps, like Google’s Chrome browser and its Gemini chatbot, weren’t found during a search of the store.

Details of 1.1 Million Job Applicants Leaked by a Major Recruitment Platform

 

While looking for a new job can be enjoyable, it is surely not fun to lose your personal information in the process. The Cybernews investigation team found an unprotected Google Cloud Storage (GCS) bucket belonging to the talent pool platform beWanted that had more than 1.1 million files.

The company, which has its headquarters in Madrid, Spain, bills itself as "the largest Talent Pool ecosystem in the world." beWanted is a software-as-a-service (SaaS) company that links companies and job seekers. The business maintains offices in the UK, Germany, and Mexico. 

The exposed instance was found by the researchers in November of last year. Despite the fact that the relocation temporarily affected service availability, beWanted claims that the company secured the bucket on May 9. 

"We prioritized data security. The solution was fully implemented, and the properly secured service was restored last Friday, May 9, 2025. We have been conducting exhaustive internal testing since Friday and can confirm that the solution is definitive. Furthermore, to the best of our knowledge and following relevant investigations, no data leakage has occurred," the company stated.

The researchers claim that resumes and CVs from job seekers make up the vast majority of the more than a million compromised files. The leaked information included details that a job seeker would normally include, such as full names and surnames, phone numbers, email addresses, home addresses, dates of birth, national ID numbers, nationalities, places of birth, social media links, employment history and educational background. 

The researchers believe that a data leak involving over a million files, each of which likely represents a single person, is a serious security issue for beWanted. The fact that the data has been exposed for at least six months exacerbates the situation: hostile actors continue to comb the web for unprotected instances, downloading whatever they can find.

“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers added. 

Malicious actors can also use leaked information to create highly personalised and credible-looking phishing attempts, which could result in unauthorised access to financial accounts, passwords, or other sensitive data. 

Furthermore, the leaked information highlighted that the problem has worldwide implications. The leaked national ID numbers, for example, are from Spanish, Argentine, Guatemalan, Honduran, and other residents.

Cybercriminals Target Social Security Users with Sophisticated Phishing Scam

 

A new wave of phishing attacks is exploiting public trust in government agencies. Cybercriminals are sending fraudulent emails that appear to come from the Social Security Administration (SSA), aiming to trick recipients into downloading a remote access tool that gives hackers full control over their computers, according to a report by Malwarebytes.

The scam emails, often sent from compromised WordPress websites, claim to offer a downloadable Social Security statement. However, the entire message is typically embedded as an image, a tactic that allows it to bypass most email filters. Clicking on the link initiates the installation of ScreenConnect, the remote access tool that enables attackers to infiltrate your device remotely.

The campaign has been attributed to a phishing group known as Molatori, whose goal is to extract personal, banking, and other sensitive information. “Once in, the attackers can steal your data, commit financial fraud, and engage in identity theft,” the report warns.

To avoid falling victim, experts suggest staying alert to red flags. These scam emails often contain poor grammar, missing punctuation, strange formatting, and unusual colour schemes for links. Such errors—evident in screenshots shared by Malwarebytes and the SSA—are clear signs of a scam, even as AI-driven tactics make phishing attempts more convincing than ever.

“If you want to view your Social Security statement, the safest option is to visit ssa.gov,” the SSA advises.

What to Do If You're Targeted:

  • Cut off all communication with the scammer
  • Report the incident to the SSA Office of the Inspector General (OIG)
  • File a report with your local police
  • If you've lost money, submit a complaint to the FBI’s Internet Crime Complaint Center (IC3)

As phishing threats continue to evolve, cybersecurity awareness remains your best defense.


Agentic AI Is Reshaping Cybersecurity Careers, Not Replacing Them

 

Agentic AI took center stage at the 2025 RSA Conference, signaling a major shift in how cybersecurity professionals will work in the near future. No longer a futuristic concept, agentic AI systems—capable of planning, acting, and learning independently—are already being deployed to streamline incident response, bolster compliance, and scale threat detection efforts. These intelligent agents operate with minimal human input, making real-time decisions and adapting to dynamic environments. 

While the promise of increased efficiency and resilience is driving rapid adoption, cybersecurity leaders also raised serious concerns. Experts like Elastic CISO Mandy Andress called for greater transparency and stronger oversight when deploying AI agents in sensitive environments. Trust, explainability, and governance emerged as recurring themes throughout RSAC, underscoring the need to balance innovation with caution—especially as cybercriminals are also experimenting with agentic AI to enhance and scale their attacks. 

For professionals in the field, this isn’t a moment to fear job loss—it’s a chance to embrace career transformation. New roles are already emerging. AI-Augmented Cybersecurity Analysts will shift from routine alert triage to validating agent insights and making strategic decisions. Security Agent Designers will define logic workflows and trust boundaries for AI operations, blending DevSecOps with AI governance. Meanwhile, AI Threat Hunters will work to identify how attackers may exploit these new tools and develop defense mechanisms in response. 

Another critical role on the horizon is the Autonomous SOC Architect, tasked with designing next-generation security operations centers powered by human-machine collaboration. There will also be growing demand for Governance and AI Ethics Leads who ensure that decisions made by AI agents are auditable, compliant, and ethically sound. These roles reflect how cybersecurity is evolving into a hybrid discipline requiring both technical fluency and ethical oversight. 

To stay competitive in this changing landscape, professionals should build new skills. This includes prompt engineering, agent orchestration using tools like LangChain, AI risk modeling, secure deployment practices, and frameworks for explainability. Human-AI collaboration strategies will also be essential, as security teams learn to partner with autonomous systems rather than merely supervise them. As IBM’s Suja Viswesan emphasized, “Security must be baked in—not bolted on.” That principle applies not only to how organizations deploy agentic AI but also to how they train and upskill their cybersecurity workforce. 

The future of defense depends on professionals who understand how AI agents think, operate, and fail. Ultimately, agentic AI isn’t replacing people—it’s reshaping their roles. Human intuition, ethical reasoning, and strategic thinking remain vital in defending against modern cyber threats. 

As HackerOne CEO Kara Sprague noted, “Machines detect patterns. Humans understand motives.” Together, they can form a faster, smarter, and more adaptive line of defense. The cybersecurity industry isn’t just gaining new tools—it’s creating entirely new job titles and disciplines.