
GlassWorm Abuses 72 Open VSX Extensions in Bold Supply-Chain Assault

 

GlassWorm has resurfaced with a more aggressive supply‑chain campaign, this time weaponizing the Open VSX registry at scale to target developers. Security researchers say the latest wave represents a significant escalation in both scope and stealth compared to earlier activity. 

Since January 31, 2026, at least 72 new malicious Open VSX extensions have been identified, all masquerading as popular tools like linters, formatters, code runners, and AI‑powered coding assistants. These look and behave like legitimate utilities at first glance, making it easy for busy developers to trust and install them. Behind the scenes, however, they embed hidden logic designed to pull in additional malware once inside a development environment.

The attackers now abuse trusted Open VSX features such as extensionPack and extensionDependencies to spread their payloads transitively. An extension can appear harmless on installation but later pull in a malicious dependency via an update or a bundled pack. This approach allows the threat actor to minimize obviously suspicious code in each listing while still maintaining a broad infection path.

Once executed, GlassWorm behaves as a multi‑stage infostealer and remote access tool targeting developer systems. It focuses on harvesting credentials for npm, GitHub, Git, and other services, then uses those stolen tokens to compromise additional repositories and publish more infected extensions. This creates a self‑reinforcing loop that can quickly expand across ecosystems if not promptly contained. 

Beyond credentials, GlassWorm aggressively targets financial data by going after more than 49 different cryptocurrency wallet browser extensions, including popular wallets like MetaMask, Coinbase, and Phantom. Stolen cookies and session tokens can enable account takeover, while drained wallets provide immediate monetization for the attackers. In later stages, the malware deploys a hidden VNC component and SOCKS proxy, effectively converting developer machines into nodes within a criminal infrastructure. 

For developers and organizations, this campaign underscores how extension ecosystems have become high‑value attack surfaces. Teams should enforce strict extension allowlists, monitor unusual repository activity, and rotate credentials if any suspicious Open VSX extensions were recently installed. Security tooling that inspects extension metadata, dependency chains, and post‑install behavior is now essential to counter evolving threats like GlassWorm.
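The metadata and dependency-chain inspection recommended above can be sketched as follows. This is an added example, not code from the researchers or from Open VSX; the extension names, the allowlist and the manifests are constructed, and it assumes only the standard manifest layout in which `publisher` and `name` form the extension identifier and `extensionPack` / `extensionDependencies` list further identifiers.

```python
import json
from collections import deque
from pathlib import Path

# Manifest fields that make the editor install further extensions.
LINK_FIELDS = ("extensionPack", "extensionDependencies")


def ext_id(manifest):
    """Identifier used inside the link fields: '<publisher>.<name>', lowercased."""
    return f"{manifest.get('publisher', '')}.{manifest.get('name', '')}".lower()


def load_manifests(extensions_dir):
    """Read the package.json of every extension folder under extensions_dir."""
    manifests = {}
    for pkg in Path(extensions_dir).glob("*/package.json"):
        try:
            manifest = json.loads(pkg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the audit
        manifests[ext_id(manifest)] = manifest
    return manifests


def links(manifest):
    """Return the (field, target_id) pairs declared by one manifest."""
    return [(field, str(target).lower())
            for field in LINK_FIELDS
            for target in (manifest.get(field) or [])]


def added_links(old_manifest, new_manifest):
    """Links that an update introduced: present in the new manifest only."""
    return sorted(set(links(new_manifest)) - set(links(old_manifest)))


def audit(manifests, allowlist):
    """Flag installed extensions that are off the allowlist, and every
    off-allowlist extension reachable from an allowlisted one."""
    allow = {item.lower() for item in allowlist}
    findings = [{"extension": ext, "via": None, "chain": [ext]}
                for ext in sorted(manifests) if ext not in allow]
    for root in sorted(a for a in allow if a in manifests):
        seen, queue = {root}, deque([[root]])
        while queue:  # breadth-first walk of the pack/dependency graph
            chain = queue.popleft()
            for field, target in links(manifests.get(chain[-1], {})):
                if target in seen:
                    continue
                seen.add(target)
                if target not in allow:
                    findings.append({"extension": target, "via": field,
                                     "chain": chain + [target]})
                queue.append(chain + [target])
    return findings


# Constructed sample data: every name below is hypothetical.
ALLOWLIST = ["acme.format-helper", "acme.lint-core"]
LINT_CORE_V1_0_0 = {"publisher": "acme", "name": "lint-core", "version": "1.0.0"}
INSTALLED = {
    "acme.format-helper": {"publisher": "acme", "name": "format-helper",
                           "extensionPack": ["acme.lint-core"]},
    # The update to 1.0.1 quietly added a dependency.
    "acme.lint-core": {"publisher": "acme", "name": "lint-core", "version": "1.0.1",
                       "extensionDependencies": ["zzz-tools.runtime-shim"]},
    "zzz-tools.runtime-shim": {"publisher": "zzz-tools", "name": "runtime-shim"},
}

if __name__ == "__main__":
    for finding in audit(INSTALLED, ALLOWLIST):
        print(finding["extension"], finding["via"], " -> ".join(finding["chain"]))
    print("added by update:", added_links(LINT_CORE_V1_0_0, INSTALLED["acme.lint-core"]))
```

On a workstation, `load_manifests()` would be pointed at the editor's extensions folder and the result passed to `audit()` in place of the constructed `INSTALLED` data.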

Meta to Discontinue End-to-End Encrypted Chats on Instagram Come May 2026

 



Meta Platforms has confirmed that it will remove support for end-to-end encrypted messaging in Instagram direct messages beginning May 8, 2026. After this date, conversations that previously relied on this encryption feature will no longer be protected by the same privacy mechanism.

According to guidance published in the platform’s support documentation, users whose conversations are affected will receive instructions explaining how to download messages or media files they want to retain. In some situations, individuals may also need to install the latest version of the Instagram application before they can export their chat history.  

When asked about the decision, Meta stated that encrypted messaging on Instagram saw limited adoption. The company explained that only a small percentage of users chose to enable end-to-end encryption within Instagram direct messages. Meta also pointed out that people who want encrypted communication can still use the feature on WhatsApp, where end-to-end encryption is already widely used.


How Instagram Encryption Was Introduced

Instagram’s encrypted messaging capability was originally introduced as part of a broader push by Meta to transform its messaging ecosystem. In 2021, Meta CEO Mark Zuckerberg outlined a “privacy-focused” strategy for social networking that aimed to shift communication toward private and secure messaging environments. 

Within that initiative, Meta began experimenting with encrypted direct messages on Instagram. However, the feature never became the default setting for users. Instead, it remained an optional capability available only in certain regions and had to be manually activated within specific conversations.

The tool also gained relevance during geopolitical tensions. Shortly after the outbreak of the Russia-Ukraine conflict in early 2022, Meta expanded access to encrypted direct messages for adult users in both Russia and Ukraine. The company said the move was intended to provide safer communication channels during the early phase of the war.


Industry Debate Over Encrypted Messaging

The decision to discontinue Instagram’s encrypted chats comes amid a broader debate in the technology sector about whether strong encryption improves or complicates online safety.

Recently, the social media platform TikTok said it currently has no plans to introduce end-to-end encryption for its messaging system. The company told the BBC that such technology could reduce its ability to monitor harmful activity and protect younger users from abuse.

End-to-end encryption is widely regarded by cybersecurity experts as one of the strongest ways to secure digital communication. When this technology is used, messages are encrypted on the sender’s device and can only be decrypted by the recipient. This means that even the platform hosting the conversation cannot read the message contents during transmission. 

Because of this design, encrypted systems can protect users from surveillance, data interception, or unauthorized access by third parties. Many messaging services, including WhatsApp and Signal, rely on similar encryption models to secure billions of conversations globally.


Law Enforcement Concerns

Despite its privacy advantages, encryption has long been controversial among law enforcement agencies and child-safety advocates. Critics argue that encrypted messaging makes it harder for technology companies to detect criminal behavior such as terrorism recruitment or the distribution of child sexual abuse material.

Authorities describe this challenge as the “Going Dark” problem, referring to situations where investigators cannot access message content even when they obtain legal warrants. Policymakers have repeatedly warned that widespread encryption could reduce the ability of platforms to cooperate with criminal investigations.

Internal documents previously reported by Reuters indicated that some Meta executives had raised similar concerns internally. In discussions dating back to 2019, company officials warned that widespread encryption could limit the company’s ability to identify and report illegal activity to law enforcement authorities. 


Regulatory Pressure and Future Policy

The global policy debate around encryption is still evolving. The European Commission is expected to release a technology roadmap on encryption later this year. The initiative aims to explore ways to allow lawful access to encrypted data for investigators while preserving cybersecurity protections and civil liberties.


A Changing Messaging Strategy

Meta’s decision to remove encrypted messaging from Instagram highlights the complex trade-offs technology companies face when balancing privacy protections with safety monitoring and regulatory expectations.

While encryption remains a cornerstone of messaging on WhatsApp and has expanded across other platforms, the rollback on Instagram suggests that adoption rates, platform design, and policy pressures can influence whether such security features remain viable.

For Instagram users who relied on encrypted chats, the upcoming change means reviewing conversations before May 2026 and exporting any information they wish to keep before the feature is officially retired.

CISA Reveals New Details on RESURGE Malware Exploiting Ivanti Zero-Day Vulnerability

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published fresh technical insights into RESURGE, a malicious implant leveraged in zero-day attacks targeting Ivanti Connect Secure appliances through the vulnerability tracked as CVE-2025-0282.

The latest advisory highlights the implant’s ability to remain undetected on affected systems for extended periods. According to CISA, the malware employs advanced network-level evasion and authentication mechanisms that allow attackers to maintain hidden communication channels with compromised devices.

CISA first reported the malware on March 28 last year, noting that it can persist even after system reboots. The implant is capable of creating web shells to harvest credentials, generating new accounts, resetting passwords, and escalating privileges on affected systems.

Security researchers at incident response firm Mandiant revealed that the critical CVE-2025-0282 flaw had been actively exploited as a zero-day vulnerability since mid-December 2024. The campaign has been linked to a China-associated threat actor identified internally as UNC5221.

Network-level evasion techniques

In the updated bulletin, CISA shared additional technical details about the implant. The malware is a 32-bit Linux shared object file named libdsupgrade.so that was recovered from a compromised Ivanti device.

RESURGE functions as a passive command-and-control (C2) implant with multiple capabilities, including rootkit, bootkit, backdoor, dropper, proxying, and tunneling functions.

Unlike typical malware that regularly sends signals to its command server, RESURGE remains idle until it receives a specific inbound TLS connection from an attacker. This behavior helps it avoid detection by traditional network monitoring systems.

When loaded within the ‘web’ process, the implant intercepts the ‘accept()’ function to inspect incoming TLS packets before they reach the web server. It searches for particular connection patterns originating from remote attackers using a CRC32 TLS fingerprint hashing method.

If the fingerprint does not match the expected pattern, the traffic is redirected to the legitimate Ivanti server. CISA also explained that the attackers rely on a fake Ivanti certificate to confirm that they are interacting with the malware implant rather than the genuine web server.

The agency noted that the forged certificate is used strictly for authentication and verification purposes and does not encrypt communication. However, it also helps attackers evade detection by impersonating the legitimate Ivanti service.

Because the fake certificate is transmitted over the internet without encryption, CISA said defenders can potentially use it as a network signature to identify ongoing compromises.

Once the fingerprint verification and authentication steps are completed, attackers establish encrypted remote access to the implant through a Mutual TLS session secured with elliptic curve cryptography.

"Static analysis indicates the RESURGE implant will request the remote actors' EC key to utilize for encryption, and will also verify it with a hard-coded EC Certificate Authority (CA) key," CISA says.

By disguising its traffic to resemble legitimate TLS or SSH communications, the implant maintains stealth while ensuring long-term persistence on compromised systems.

Additional malicious components

CISA also examined another file, a variant of the SpawnSloth malware named liblogblock.so, which is embedded within the RESURGE implant. Its primary role is to manipulate system logs to conceal malicious activities on infected devices.

A third analyzed component, called dsmain, is a kernel extraction script that incorporates the open-source script extract_vmlinux.sh along with the BusyBox collection of Unix/Linux utilities.

The script enables the malware to decrypt, alter, and re-encrypt coreboot firmware images while modifying filesystem contents to maintain persistence at the boot level.

“CISA’s updated analysis shows that RESURGE can remain latent on systems until a remote actor attempts to connect to the compromised device,” the agency notes. Because of this, the malicious implant "may be dormant and undetected on Ivanti Connect Secure devices and remains an active threat."

To address the risk, CISA recommends that administrators review the updated indicators of compromise (IoCs) provided in the advisory to identify potential RESURGE infections and remove the malware from affected Ivanti systems.

Researchers Investigate AI Models That Can Interpret Fragmented Cognitive Signals


 

The human brain has for decades been among the most complex and least understood systems in science, and it remains so. Advancements in brain-imaging technology have enabled researchers to observe neural activity in stunning detail, showing how different areas of the brain light up when a person listens, speaks, or processes information. However, the causes of these patterns have yet to be fully understood.

Intricate waves of electrical signals and shifting clusters of brain activity indicate that the brain is working, but the deeper question of how these signals translate into meaning remains largely unresolved. Historically, neuroscientists, linguists, and psychologists have found it difficult to understand how the brain transforms words into coherent thoughts.

Recent developments at the intersection of neuroscience and artificial intelligence are beginning to alter this picture for the better. As detailed recordings of brain activity are analyzed using advanced deep learning techniques, researchers are revealing patterns suggesting that the human brain might interpret language in a manner similar to modern artificial intelligence models.

Rather than relying on rigid grammatical rules alone, the brain appears to build meaning gradually as speech unfolds, layering context and interpretation. This emerging perspective offers insight into the mechanisms of human comprehension and may ultimately alter how scientists study language, cognition, and the neural foundations of thought.

The implications of this emerging understanding are already being explored in experimental clinical settings. In one such study, researchers observed a participant recovering from a stroke who had experienced severe speech impairments for nearly two decades. She remained physically still, her subtle breathing rhythm the only visible movement, yet complex neural activity was under way beneath the surface.

As she imagined speaking, words appeared on a nearby screen, gradually combining into complete sentences that she was unable to convey aloud. As part of the study, the participant, 52-year-old T16, was implanted with a small array of electrodes in the frontal regions of her brain responsible for language planning and motor speech control.

A deep-learning system analyzed these signals and translated them into written text in near-real-time as she mentally rehearsed words using an implanted interface. As part of a broader investigation conducted by Stanford University, the same experimental framework was applied to additional volunteers with amyotrophic lateral sclerosis, a neurodegenerative condition. 

By integrating high-resolution neural recordings with machine learning models capable of recognizing complex activity patterns, the system attempted to reconstruct intended speech directly from the recorded brain signals.

Even though the approach is still in experimental stages, it represents a significant breakthrough in brain-computer interface research aimed at converting internal speech into readable language. The work brings researchers closer to technologies that may one day allow individuals who have lost their ability to communicate to do so again.

Neural decoding is also being explored beyond speech reconstruction. A recent experiment at the Communication Science Laboratories of NTT, Inc. in Japan has demonstrated that visual thoughts can be converted into written descriptions using a technique known as “mind captioning”. Unlike earlier brain–computer interfaces that required participants to attempt or imagine speaking, this approach emphasizes the interpretation of neural activity related to perception and memory.

The system can produce textual descriptions based on patterns in brain signals, giving a glimpse into how internal visual experiences can be translated into language without requiring physical communication. The method combines functional magnetic resonance imaging with advanced language modeling techniques.

Functional MRI can measure subtle changes in blood flow throughout the brain, enabling researchers to map neural responses as participants watch video footage and later recall those same scenes. From these neural patterns, a pretrained language model is used to generate semantic representations, numerical structures that encode relationships between concepts, objects, and actions.

This intermediary layer links raw brain activity to linguistic expression. The decoding model aligns observed neural signals with these semantic structures, while an artificial intelligence language model gradually refines the resulting text so that it reflects the meaning implicit in the recorded brain activity.

Experimental trials demonstrated that short video clips were often described in a way that captured the overall context, including interactions between individuals, objects, and environments. Although the system often misidentified a specific object, it often preserved the relationships or actions occurring in the scene. This indicates that the model was interpreting conceptual patterns rather than simply retrieving memorized phrases.

Furthermore, the process is not primarily dependent on the conventional language-processing regions of the brain. Instead, it interprets neural signals originating from areas involved in visual perception and conceptual understanding, using that sensory and cognitive activity as the basis for constructing meaningful descriptions. This technology has implications beyond experimental neuroscience, in addition to enhancing human perception.

The development of systems that can translate perceptual or imagined experiences into language could lead to the development of new modes of communication for people suffering from severe neurological conditions, such as paralysis, aphasia, or degenerative diseases affecting their speech. At the same time, the possibility of utilizing technology to deduce internal mental content from neural data raises complex ethical issues. 

In the future, when it becomes easier to interpret brain activity, researchers and policymakers will need to consider how privacy, consent, and cognitive autonomy can be protected in an environment in which thoughts can, under certain conditions, be decoded. 

Increasingly sophisticated systems that can interpret neural signals and restore aspects of human thought are presenting researchers and ethicists with broader questions about how artificial intelligence may change the nature of human knowledge. 

According to scholars, if algorithmic systems are increasingly used as default intermediaries for information, understanding could gradually shift from direct human reasoning to automated interpretation.

In this scenario, human judgement's traditional qualities - context awareness, critical doubt, ethical reflection, and interpretive nuance - may be eclipsed by the efficiency and speed of machine-generated responses. There is concern among some analysts that this shift may result in the creation of a new form of epistemic divide. 

On one side may be individuals who continue to cultivate the cognitive discipline necessary to build knowledge through sustained attention, reflection, and analysis. On the other may be individuals whose thinking processes are increasingly mediated by digital systems that provide answers on demand.

The latter approach is beneficial in many contexts and can improve productivity and speed up problem solving. However, overreliance on external computational tools may weaken the underlying habits of independent inquiry over time.

The implications would likely extend far beyond academic environments, influencing who is capable of managing complex decisions, evaluating conflicting information, or generating truly original ideas rather than relying on pattern predictions generated by algorithms.

Despite these concerns, experts emphasize that the most appropriate response to artificial intelligence is not to reject it, but to adopt carefully designed social and systemic practices that maintain human cognitive agency. Educators, institutions, and policymakers will likely need to intentionally reintroduce the intellectual effort that sustains deep thinking in the face of increasing friction caused by automated information retrieval and analytical tools.

Learning environments can encourage individuals to use their independent problem-solving skills before consulting digital tools, and can evaluate performance using methods that emphasize reasoning, revision, and reflection. The distinction between retrieval of knowledge and retrieval of information may be particularly relevant in this context.

Although retrieval systems can deliver information instantly, true understanding requires explaining concepts, applying them to unfamiliar situations, and critically examining the assumptions they are based on. These implications are particularly significant for the younger generations, whose cognitive habits are still developing.

Researchers are increasingly emphasizing the importance of practicing activities that enhance concentration and independent thought. These activities include reading for sustained periods of time, writing without assistance, solving complex problems, and composing creative works that require patience and focus. In an environment in which information is almost effortless to access, it is essential that such activities continue, as they serve as forms of cognitive training.

As neural decoding technologies and artificial intelligence-assisted cognition progress, it may ultimately prove just as important to preserve the human capacity for deliberate thought as it is to achieve technological breakthroughs. Without such a balance, the question is not whether intelligence would diminish, but whether individuals would gradually lose control over the process by which their own thoughts are formed.

The future trajectory of neural decoding and artificial intelligence-assisted cognition will be determined by technological advancement and by the frameworks that guide their application.

As the ability to interpret brain activity becomes more refined, researchers, clinicians, and policymakers will be required to develop clear safeguards that protect mental privacy while ensuring the technology serves a legitimate scientific or medical purpose. 

A comprehensive governance system, transparent research standards, and ethical oversight will play a central role in determining the integration of such tools into society. If neural interfaces and artificial intelligence-driven interpretation systems are developed responsibly, they can transform communication for patients with severe neurological impairments and provide greater insight into human behavior. 

In addition, it remains essential to maintain a clear boundary between assistance and intrusion, to ensure that advancements in decoding the brain ultimately enhance human autonomy rather than compromise it.

Chinese Threat Actors Attack Southeast Asian Military Targets via Malware


A China-based cyber espionage campaign is targeting military organizations in Southeast Asia. The state-sponsored campaign started in 2020.

Palo Alto Networks Unit 42 has been tracking the campaign under the name CL-STA-1087. Here, CL means cluster, and STA means state-backed motivation. 

According to security experts Yoav Zemah and Lior Rochberger, “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk data theft. The attackers behind this cluster actively searched for and collected highly specific files concerning military capabilities, organizational structures, and collaborative efforts with Western armed forces.”

About the campaign

The campaign shows traits commonly linked with APT campaigns, such as defense evasion tactics, tailored delivery methods, custom payload deployment, and stable operational infrastructure that supports sustained access to compromised systems.

MemFun and AppleChris

The threat actors used backdoors called MemFun and AppleChris and a credential harvester called Getpass. Researchers found the tools after detecting malicious PowerShell execution in which the script entered a sleep state and then opened reverse shells to an attacker-controlled C2 server. The exact initial access vector is not known.

About the attack sequence

The compromise sequence deploys different versions of AppleChris across victim endpoints as the attackers move laterally to avoid detection. The attackers were also observed searching for joint military activities, detailed assessments of operational capabilities, and official meeting records. The experts said that the “attackers showed particular interest in files related to military organizational structures and strategy, including command, control, communications, computers, and intelligence (C4I) systems.”

MemFun and AppleChris are designed to access a shared Pastebin account that serves as a dead-drop resolver, retrieving the real C2 address in Base64-encoded format. One AppleChris version instead depends on Dropbox to fetch the C2 details, with the Pastebin approach kept as a backup option. Installed via DLL hijacking, AppleChris contacts the C2 server to receive commands to perform drive enumeration and related tasks.

According to Unit 42, “To bypass automated security systems, some of the malware variants employ sandbox evasion tactics at runtime. These variants trigger delayed execution through sleep timers of 30 seconds (EXE) and 120 seconds (DLL), effectively outlasting the typical monitoring windows of automated sandboxes.”
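The dead-drop resolver pattern described above leaves a detectable sequence in proxy and connection logs. The following is an added example, not code from Unit 42: the event fields, host names, process names and the 300-second correlation window are assumptions, and all log records are constructed (the address is from a documentation-only range).

```python
import base64
import binascii
import ipaddress
import re

# Assumed watch list: the two services the article names as dead drops.
DEAD_DROP_DOMAINS = ("pastebin.com", "dropbox.com")
# Assumed set of processes expected to browse these sites interactively.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def is_dead_drop_host(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DEAD_DROP_DOMAINS)


def decode_endpoint(body):
    """Return (ip, port) if the body is nothing but a Base64-encoded
    IPv4 address with an optional ':port', else None."""
    text = body.strip()
    if not (8 <= len(text) <= 128) or not B64_RE.fullmatch(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
        host, sep, port = decoded.rpartition(":")
        if not sep:
            host, port = decoded, ""
        ipaddress.IPv4Address(host)  # raises ValueError if not an IPv4 address
        return host, (int(port) if port else None)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def find_dead_drops(http_events, conn_events, window=300):
    """Flag non-browser fetches from a dead-drop host whose response decodes
    to an address, and note whether the same machine then connected to it."""
    findings = []
    for ev in http_events:
        if ev["proc"].lower() in BROWSERS or not is_dead_drop_host(ev["host"]):
            continue
        endpoint = decode_endpoint(ev["body"])
        if endpoint is None:
            continue
        ip, port = endpoint
        followed = any(
            c["src"] == ev["src"] and c["dst"] == ip
            and (port is None or c["dport"] == port)
            and 0 <= c["t"] - ev["t"] <= window
            for c in conn_events)
        findings.append({"src": ev["src"], "proc": ev["proc"], "host": ev["host"],
                         "endpoint": endpoint, "followed_by_connection": followed})
    return findings


# Constructed sample logs; 't' is seconds since the start of the capture.
HTTP_EVENTS = [
    {"t": 0, "src": "WS-014", "proc": "chrome.exe", "host": "pastebin.com",
     "body": "hello world paste"},
    {"t": 100, "src": "WS-022", "proc": "svc_update.exe", "host": "pastebin.com",
     "body": base64.b64encode(b"203.0.113.45:443").decode()},
    {"t": 200, "src": "WS-030", "proc": "backup.exe", "host": "www.dropbox.com",
     "body": "<html>shared folder listing</html>"},
]
CONN_EVENTS = [
    {"t": 130, "src": "WS-022", "dst": "203.0.113.45", "dport": 443},
    {"t": 140, "src": "WS-030", "dst": "198.51.100.7", "dport": 443},
]

if __name__ == "__main__":
    for finding in find_dead_drops(HTTP_EVENTS, CONN_EVENTS):
        print(finding)
```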

Debunking the Myth of “Military‑Grade” Encryption

 

Military-grade encryption sounds impressive, but in reality it is mostly a marketing phrase used by VPN providers to describe widely available, well‑tested encryption standards like AES‑256 rather than some secret military‑only technology. The term usually refers to the Advanced Encryption Standard with a 256‑bit key (AES‑256), a symmetric cipher adopted as a US federal standard in 2001 to replace the older Data Encryption Standard. 

AES turns readable data into random‑looking ciphertext using a shared key, and the 256‑bit key length makes brute‑force attacks computationally infeasible for any realistic adversary. Because the same key is used for both encryption and decryption, AES is paired with slower asymmetric algorithms such as RSA during the VPN handshake so the symmetric key can be exchanged securely over an untrusted network. Once that key is agreed, your traffic flows efficiently using AES while still benefiting from the secure key exchange provided by public‑key cryptography.

Calling this setup “military‑grade” is misleading because it implies special, restricted technology, when in fact AES‑256 is an open, publicly documented standard used by governments, banks, corporations, and everyday internet services alike. Any competent developer can implement AES‑256, and your browser and many apps already rely on it to protect logins and other sensitive data as it traverses the internet. In practical terms, the same class of algorithm that safeguards classified government communications also secures routine tasks like online banking or cloud storage. VPN marketing leans on the phrase because “AES‑256 with a 256‑bit key” means little to non‑experts, while “military‑grade” instantly conveys strength and trustworthiness.

Strong encryption is not overkill reserved for spies; it matters for everyday users whose online activity constantly generates data trails across sites and apps. That information is monetized for targeted advertising and exposed in breaches that can enable phishing, identity theft, or other fraud, even if you believe you have nothing to hide. Location histories, financial records, and health details are all highly sensitive, and the risks are even greater for journalists, activists, or people living under repressive regimes where surveillance and censorship are common. For them, robust encryption is essential, often combined with obfuscation and multi‑hop VPN chains to conceal VPN usage and add layers of protection if an exit server is compromised.

Ultimately, a VPN without strong encryption offers little real security, whether you are using public Wi‑Fi or simply trying to keep your ISP and advertisers from building detailed profiles about you. AES‑256 remains a widely trusted choice, but modern VPNs may also use alternatives like ChaCha20 in protocols such as WireGuard, which, although not a NIST standard, has been thoroughly audited and is considered secure. The important point is not the “military‑grade” label but whether the service implements proven, well‑reviewed cryptography correctly and combines it with privacy‑preserving features that match your threat model.
