Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Indian Government Proposes Compulsory Location Tracking in Smartphones, Faces Backlash

Government faces backlash over location-tracking proposal The Indian government is pushing a telecom industry proposal that will compel smar...

All the recent news you need to know
Privacy
Artificial Intelligence Brave Browser Browser Leo Privacy

Brave Experiments With Automated AI Browsing Under Tight Security Checks

 



Brave has started testing a new feature that allows its built-in assistant, Leo, to carry out browsing activities on behalf of the user. The capability is still experimental and is available only in the Nightly edition of the browser, which serves as Brave’s testing environment for early features. Users must turn on the option manually through Brave’s internal settings page before they can try it.

The feature introduces what Brave calls agentic AI browsing. In simple terms, it allows Leo to move through websites, gather information, and complete multi-step tasks without constant user input. Brave says the tool is meant to simplify activities such as researching information across many sites, comparing products online, locating discount codes, and creating summaries of current news. The company describes this trial as its initial effort to merge active AI support with everyday browsing.

Brave has stated openly that this technology comes with serious security concerns. Agentic systems can be manipulated by malicious websites through a method known as prompt injection, which attempts to make the AI behave in unsafe or unintended ways. The company warns that users should not rely on this mode for important decisions or any activity involving sensitive information, especially while it remains in early testing.

To limit these risks, Brave has placed the agent in its own isolated browser profile. This means the AI does not share cookies, saved logins, or browsing data from the user’s main profile. The agent is also blocked from areas that could create additional vulnerabilities. It cannot open the browser’s settings page, visit sites that do not use HTTPS, interact with the Chrome Web Store, or load pages that Brave’s safety system identifies as dangerous. Whenever the agent attempts a task that might expose the user to risk, the browser will display a warning and request the user’s confirmation.

Brave has added further oversight through what it calls an alignment checker. This is a separate monitoring system that evaluates whether the AI’s actions match what the user intended. Since the checker operates independently, it is less exposed to manipulation that may affect the main agent. Brave also plans to use policy-based restrictions and models trained to resist prompt-injection attempts to strengthen the system’s defenses. According to the company, these protections are designed so that the introduction of AI does not undermine Brave’s existing privacy promises, including its no-logs policy and its blocking of ads and trackers.

Users interested in testing the feature can enable it by installing Brave Nightly and turning on the “Brave’s AI browsing” option from the experimental flags page. Once activated, a new button appears inside Leo’s chat interface that allows users to launch the agentic mode. Brave has asked testers to share feedback and has temporarily increased payments on its HackerOne bug bounty program for security issues connected to AI browsing.


Read more »
Hacking Attack
Asus Cyber Defence Cyber Security Cybersecurity Breach Everest Ransomware Hackers Hacking Attack

Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft

 

Asus has confirmed a security breach via one of its third-party suppliers after the Everest ransomware group claimed it had accessed internal materials belonging to the company. In its statement, Asus confirmed that a supply chain vendor "was hacked," and the intrusion impacted portions of the source code relating to cameras for Asus smartphones. The company emphasized that no internal systems, products, or customer data were impacted. It refused to name the breached supplier or detail exactly what was accessed, but it said it is shoring up supply chain defenses to align with cybersecurity best practices. 

The disclosure comes amid brazen claims from the Everest ransomware gang, an established extortion outfit that has traditionally targeted major technology firms. Everest claimed it had pilfered around 1 TB of data related to Asus, ArcSoft, and Qualcomm, leaking screenshots online as evidence of the breach. The group said on its dark-web leak site that it was offering an array of deep technical assets, from segmentation modules to source code, RAM dumps, firmware tools, AI model weights, image datasets, crash logs, and test applications. The cache supposedly also contained calibration files, dual-camera data, internal test videos, and performance evaluation reports, the gang said. 

As it is, Asus hasn't verified the broader claims of Everest and has called the incident isolated to a single external supplier that holds camera-related resources. The company hasn't provided an explanation of whether material that was supposedly exfiltrated by the attackers included its proprietary code or information from the other organizations named by the group. Requests for additional comment from the manufacturer went unreturned, thus leaving various aspects of the breach unexplained. The timing is problematic for Asus, coming just weeks after new research highlighted yet another security issue with the company's consumer networking hardware. Analysts in recent weeks said about 50,000 Asus routers were compromised in what observers believe is a China-linked operation. 

That campaign involved attackers exploiting firmware vulnerabilities to build a relatively large botnet that's able to manipulate traffic and facilitate secondary infections. Although the router exploitation campaign and the supplier breach seem unrelated, taken together the two incidents raise the temperature on Asus' overall security posture. With attackers already targeting its networking devices en masse, the discovery of a supply chain intrusion-one that may have entailed access to source code-only adds to the questions about the robustness of the company's development environments. 

As supply chain compromises remain one of the biggest risks facing the tech sector, the incident serves as a reminder of the need for far better oversight, vetting of vendors, and continuous monitoring to ensure malicious actors do not penetrate upstream partners. For Asus, the breach raises pressure on the company to reassure customers and partners that its software and hardware ecosystems remain secure amid unrelenting global cyberthreat activity.
Read more »
Zero-Day Vulnerabilities and Exploits
Cyber-Espionage Tools Digital Forensics Intellexa Network Mobile Surveillance Predator spyware Spyware Attacks Threat Intelligence Zero-Click Exploits Zero-Day Vulnerabilities and Exploits

Emerging Predator Spyware Technique Enables Zero-Click Compromise


 

Intellexa is one of the most controversial and persistent players in the shadowy world of commercial cyber-espionage, even though mounting scrutiny, international sanctions, and ongoing investigations have led to increased scrutiny and investigation. 

Although it is best known for its flagship surveillance solution, the Predator spyware suite, the consortium has demonstrated that it can operate beyond the scope of regulatory control on a number of occasions. An investigation conducted by more than one party, supported by confidential internal records, leaked sales decks, training materials, and other sensitive corporate documents verified by Amnesty International, shows that Intellexa continues to conduct business at a high level, and has even expanded its activities. 

A vendor has been aggressively pursuing government and corporate clients for years, and the findings indicate the vendor is still leveraging a pipeline of high-value vulnerabilities to do so. There is one striking feature of the company: its continued reliance on zero-day exploits targeted at mobile browsers. This is reflected in the recent analysis published by Google's Threat Analysis Group, which recently identified fifteen new zero-day exploits related to Predator deployments. 

Intellexa, according to the investigators, routinely purchases unidentified bugs from independent hackers, weaponizes them in covert operations, and throws them away only once the flaws have become widely known and have been fixed. Predator's sophisticated capabilities and the troubling resilience of the spyware market that supports it are both emphasized by this cycle of acquiring, exploiting, and "burning" zero-days. 

Moreover, investigators have also discovered a parallel operation, using Aladdin, which uses online advertising to silently distribute spyware, by using online advertising as a delivery mechanism. The Aladdin ads, unlike earlier models that relied on phishing lures or user interaction, are being distributed through mainstream advertising networks and are embedded within seemingly legitimate placements on widely visited websites and mobile applications, instead of relying on phishing lures and user interaction. 

When the page is loaded and the selected target is clicked on, it is enough for the compromise to occur. There is no need to click, install, or show any warnings. These attacks are being conducted using an intricate ad delivery infrastructure that is deliberately labyrinthine, as it is routed through multiple layers of front companies and brokers in Ireland, Germany, Switzerland, Greece, Cyprus, the UAE, and Hungary, spread across a multitude of countries. 

As a result of the dispersed architecture, the operators' identities are obscurable, and regulators and security teams are unable to detect and block malicious traffic due to the dispersed architecture. As a consequence of these developments, analysts claim that the threat landscape has undergone a decisive shift: spyware operators are moving away from social-engineering tactics towards frictionless, automated exploitation channels that make successful intrusions less likely.

Even though the threat landscape is becoming more complex, experts advise that layering protections — including robust ad-blocking, restrictive script policies, DNS-based filtering tools, and diligent software patching — remain important in order to ensure that these vectors do not penetrate the network. 

There is no denying the fact that sanctioned vendors such as Intellexa have continued to operate and the rapid evolution of platforms like Aladdin underscores a sobering reality: the commercial spyware industry is adapting faster than global oversight mechanisms can keep up, leading to an ever-growing mercenary spyware industry. 

A detailed examination of the ecosystem surrounding Intellexa reveals that Predator itself has evolved into the most sophisticated and elusive mercenary spyware platform ever produced. Since at least 2019, the tool has been active. Although it was originally developed by Cytrox, it seems to be maintained and distributed by a constellation of Intellexa-linked entities, expanding the operation far beyond its original footprint. 

Predator's technological design aims to provide stealth above all else: it leaves very little forensic trace, resists conventional analysis, and makes it exceptionally difficult for independent verification to be made. With this spyware, you will have access to sweeping surveillance capabilities, such as real-time access to a device's microphone, camera, files, communications and cloud-synced data, once the spyware has been installed. 

In Predator, which is largely built around Python components, a modular architecture allows new capabilities to be added on-the-fly without re-infecting the device, a flexibility that has made it so appealing to governments looking for covert, persistent access to mobile devices. 

There is both a traditional "one-click" compromise approach supported by the platform, which involves carefully designed social engineering links, and an even more advanced "zero-click" compromise approach which does not require any interaction from the user, like network injection or proximity-based delivery. 

Although no proof has yet been provided that remote, messaging-app zero-click exploits like FORCEEDENTRY or BLASTPASS, or NSO Group's Pegasus exploits, are being used on a scale as large as Pegasus, it is clear from the documentation that Predator operators are still able to make silent access when certain conditions are met. 

In the past two years, Recorded Future's Insikt Group has collected information that indicates Predator activity is taking place in more than a dozen countries, ranging from Angola and Armenia to Botswana, the Democratic Republic of Congo, Egypt, Indonesia, Kazakhstan, Mongolia, Mozambique and Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. As a result of additional evidence, deployments have been observed in Greece, Sudan, and Vietnam, each of which has varying degrees of involvement from the state. 

Greece has shown the greatest impact of the political fallout, with revelations that the Predator was used against journalists, opposition politicians, business leaders, and other public figures, leading to parliamentary inquiries, criminal investigations, as well as an ongoing national scandal referred to as “Predatorgate”. In addition to providing insight into Intellexa's growing arsenal of delivery methods, the leaked material confirms that a little-known vector, codenamed Triton, has been discovered. 

Triton is designed to compromise Samsung Exynos chipset-based devices by exploiting vulnerabilities in the baseband, allowing them to be compromised—sometimes forcing them to go down to 2G in order to create the conditions for infection. According to Amnesty International's researchers, it is still unclear whether Triton is still operational. However, there have been references to two other mechanisms that seem to be using radiofrequency manipulation or direct physical access techniques. These mechanisms appear to be known by the names Thor and Oberon. 

In spite of the fact that it is still unclear what the exact capabilities of these vectors are, the inclusion of Intellexa's internal materials illustrates the wide range of the group's technological ambitions. It has been reported that Intellexa is also one of the most aggressive commercial actors exploiting zero-day vulnerabilities that Google's Threat Analysis Group has documented since 2021. In 15 of these cases, Intellexa's activities have been attributed.

According to Google's researchers, the company employs both the development of their own exploit chains and the acquisition of additional vulnerabilities from outside brokers to broaden its operational reach, which is a dual approach to exploit chains. The Amnesty International report suggests that Intellexa remains fully operational even after sanctions and a sweeping investigation in Greece, with Predator's tooling becoming increasingly stealthy and resistant to forensic analysis as a result. 

A number of security experts have warned that as Predator's techniques advance, users might have to take greater precautions to protect themselves against these rapidly developing mobile exploitation frameworks, including the Advanced Protection features of Android and Apple's Lockdown Mode, in order to mitigate the risk associated with them. In spite of mounting international scrutiny, there is no sign that the overall market for commercial surveillance tools will slow down anytime soon.

A report by analysts indicates that a deep rooted financial incentive exists for the spyware industry to remain viable: governments still need powerful digital monitoring tools, and vendors are eager to satisfy that demand by designing more sophisticated products that will be able to evade the security measures currently in place. A trend of new players entering the market has largely been seen to continue until new players join the game, allowing offensive cyber tools to become more accessible and pushing existing developers to further refine their platforms to meet the demands of the new players. 

A number of regulatory efforts have been launched, most notably in the European Union, where ongoing inquiries may lead to tighter oversight over the sale and use of intrusive technologies, but experts warn that a meaningful global coordination process is still missing. Predator, for example, will remain a potential threat until stronger international mechanisms are established. 

It is not uncommon for platforms such as Predator to resurface even in the face of sanctions, public revelations, or temporary operational setbacks. This reality has been underscored by recent reports which indicate the Predator infrastructure has reemerged with increased obfuscation, more redundancy, and fewer forensic artifacts that make it harder to attribute and detect the threat. 

It is said by security experts that, even though there are no foolproof defensive strategies, an increased awareness, transparent public reporting, and well-enforced regulations can substantially limit the reach of mercenary spyware. They argue that government officials, researchers, and private-sector defense funders must move faster if they are to survive an industry that continues to innovate in the shadows without government influence.
Read more »
DDOS Attack
Aisuru Botnet Cloudfare Cyber Attacks DDOS Attack

Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack

 

A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders. According to Cloudflare’s latest DDoS threats report, Aisuru launched an intense hyper-volumetric DDoS on a network layer with traffic that reached 29.7 Tbps and 14.1 billion packets per second, reaching new heights beyond previous records that topped 22 Tbps. 

The DDoS attack employed a UDP ‘carpet bombing’ technique that targeted 15,000 destination ports every second with random packet components constantly varying so as not to get filtered out at traditional scrubbing centers. Despite these efforts, Cloudflare reports that Aisuru traffic took mere seconds for an autonomous mitigation system to identify and remove. 

Behind the incident is a botnet Cloudflare now estimates at 1 million to 4 million compromised devices, making Aisuru the biggest DDoS botnet in active circulation. Since the start of 2025, Cloudflare has mitigated 2,867 Aisuru incidents, with 1,304 hyper-volumetric attacks in the third quarter alone - a 54% quarter-over-quarter increase that equates to about 14 mega-events a day. Segments of the botnet are openly leased as "chunks", allowing buyers to rent enough power to take down backbone connections or perhaps even national ISPs for mere hundreds or thousands of dollars apiece.

Cloudflare thwarted a total of 8.3 million DDoS attacks in the third quarter of 2025, a 15% increase from the prior quarter and 40% year-over-year, while marking the 2025 year-to-date total at 36.2 million - already 170% of all attacks recorded in 2024 and still one full quarter away. 

About 71% of Q3 attacks were network-layer traffic, which soared 87% QoQ and 95% YoY, while HTTP-layer events fell 41% QoQ and 17% YoY, indicating a strategic swing back to pure bandwidth and transport-layer exhaustion. The extremes are picked up the most: incidents over 100 Mpps jumped 189% QoQ, and those above 1 Tbps increased by 227%, though many ended within 10 minutes, too late for any effective intervention by manual actions or DDoS-on-demand mitigation programs.

Collateral damage continues to escalate as well. KrebsOnSecurity reports Aisuru-driven traffic has already caused severe outages at U.S. internet services not targeted as main victims. Cloudflare data shows Aisuru and actors like it have targeted telecoms, gaming, hosting, and financial services intensely. Information Technology and Services, telecoms, gambling and casinos are among the toughest hit sectors in Q3. 

Geopolitics and societal unrest are increasingly reflected in attack behavior. DDoS traffic against generative AI service providers jumped as high as 347% month-over-month in September, and DDoS attacks on mining, minerals and metals, and autos failed to lag as tensions escalated involving EV tariffs and China and the EU.

Indonesia continues as source number one for DDoS traffic, registering an astonishing 31,900% increase in HTTP DDoS requests since 2021, and there were sharp increases in Q3 2025 for the Maldives, France, and Belgium, reflecting massive protests and worker walkouts. China stayed the most‑targeted country, followed by Turkey and Germany, with the United States climbing to fifth and the Philippines showing the steepest rise within the top 10, underscoring how modern DDoS campaigns now track political flashpoints, public anger, and regulatory fights over AI and trade almost in real time.
Read more »
Virtual Kidnapping
Cyber Crime FBI Hacking Scammers Sensitive Information Virtual Kidnapping

FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings

 



The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The agency reports that these incidents, often described as virtual kidnappings, are designed to panic the target into paying quickly before verifying the claims.


How the scam begins

The operation usually starts when criminals search social media accounts or any platform where people share personal photos publicly. They collect pictures of individuals, including children, teenagers, and adults, and then edit those images to make it appear as though the person is being held against their will. Scammers may change facial expressions, blur backgrounds, add shadows, or alter body positions to create a sense of danger.

Once they prepare these altered images, they contact a relative or friend of the person in the photo. In most cases, they send a sudden text or place a call claiming a loved one has been kidnapped. The message is crafted to create immediate panic and often includes threats of harm if payment is not made right away.


The role of fake “proof of life”

One recurring tactic is the use of emotionally charged photos or short video clips that appear to show the victim in distress. These materials are presented as proof that the kidnapping is real. However, investigators have observed that the content often contains mistakes that reveal it has been edited. The inconsistencies can range from missing tattoos or scars to unnatural lighting, distorted facial proportions, or visual elements that do not match known photos of the person.

Criminals also try to limit the victim’s ability to examine the images closely. Some use disappearing messages or apps that make screenshots difficult. Others send messages in rapid succession to prevent the victim from taking a moment to reach out to the supposed abducted individual.


Why these scams escalate quickly

Scammers depend on speed and emotional intensity. They frequently insist that any delay will lead to harm, which pressures victims to make decisions without checking whether their loved one is actually safe. In some situations, criminals exploit posts about missing persons by inserting themselves into ongoing searches and providing false updates.

The FBI urges people to be mindful of the information they share online, especially when it involves personal photos, travel details, or locations. The agency recommends that families set up a private code word that can be used during emergencies to confirm identity. Individuals should avoid sharing personal information with unknown callers or strangers while traveling.

If someone receives a threatening call or message, the FBI advises them to stay calm and attempt to contact the alleged victim directly through verified communication channels. People should record or capture any messages, screenshots, phone numbers, images, or audio clips connected to the incident. These materials can help law enforcement determine whether the event is a hoax.

Anyone who believes they have been targeted by a virtual kidnapping attempt is encouraged to submit a report to the FBI’s Internet Crime Complaint Center at IC3.gov. The agency requests detailed information, including phone numbers used by the scammer, payment instructions, message transcripts, and any photos or videos that were provided as supposed evidence.





Read more »
Vetco security lapse
Data Breach IDOR vulnerability pet medical records exposed Petco Petco Vetco leak Vetco Clinics Vetco security lapse

Petco Takes Vetco Clinics Site Offline After Major Data Exposure Leaves Customer Records Accessible Online

 

Pet wellness brand Petco has temporarily taken parts of its Vetco Clinics website offline after a security failure left large amounts of customer information publicly accessible.

TechCrunch notified the company about the exposed Vetco customer and pet data, after which Petco acknowledged the issue in a statement, saying it is investigating the incident at its veterinary services arm. The company declined to share further details.

The lapse meant that anyone online could directly download customer files from the Vetco site without needing an account or login credentials. At least one customer file was publicly visible and had even been indexed by Google, making it searchable.

According to data reviewed by TechCrunch, the exposed records included visit notes, medical histories, prescriptions, vaccination details, and other documents linked to Vetco customers and their pets.

These files contained personal information such as customer names, home addresses, phone numbers and email addresses, along with clinic locations, medical evaluations, diagnoses, test results, treatment details, itemized costs, veterinarian names, signed consent forms, and service dates.

Pet details were also disclosed, including pet names, species, breed, sex, age, date of birth, microchip numbers, medical vitals, and prescription histories.

TechCrunch reported the flaw to Petco on Friday. The company acknowledged the exposure on Tuesday after receiving follow-up communication that included examples of the leaked files.

Petco spokesperson Ventura Olvera told TechCrunch that the company has “implemented, and will continue to implement, additional measures to further strengthen the security of our systems,” though Petco did not provide proof of these measures. Olvera also declined to clarify whether the company has logging tools capable of determining whether the data was accessed or extracted during the exposure.

The vulnerability stems from how Vetco’s website generates downloadable PDFs for customers. Vetco’s portal, petpass.com, gives customers access to their vet records. However, TechCrunch discovered that the PDF-generation page was left publicly accessible without any password protection.

This allowed anyone to retrieve sensitive documents simply by altering the URL to include a customer’s unique identification number. Because Vetco’s customer IDs are sequential, adjusting the number by small increments exposed other customers’ records as well.

By checking ID numbers in increments of 100,000, TechCrunch estimated that the flaw could have exposed information belonging to millions of Petco customers.

The issue is identified as an insecure direct object reference (IDOR), a common security oversight where servers fail to verify whether the requester is authorized to access specific files.

It remains unknown how long the data was publicly exposed, but the record visible on Google dated back to mid-2020.

This marks the third data incident involving Petco in 2025, according to TechCrunch’s reporting.

Earlier in the year, hackers linked to the Scattered Lapsus$ Hunters group reportedly stole a large trove of customer data from a Salesforce-hosted Petco database and sought ransom payments to avoid leaking the data.

In September, Petco disclosed another breach involving a misconfigured software setting that mistakenly made certain files available online. That incident exposed highly sensitive data—including Social Security numbers, driver’s license details, and payment information like credit and debit card numbers.

Olvera did not confirm how many customers were affected by the September breach. Under California law, organizations must publicly report breaches affecting more than 500 state residents.

TechCrunch believes the newly discovered Vetco data exposure is a separate event because Petco had already begun notifying customers about the earlier breach months prior.
Read more »
Subscribe to: Comments (Atom)

Featured