
Cybercriminals Escalate Client-Side Attacks Targeting Mobile Browsers

 

Cybercriminals are increasingly turning to client-side attacks as a way to bypass traditional server-side defenses, with mobile browsers emerging as a prime target. According to the latest “Client-Side Attack Report Q2 2025” by security researchers at c/side, these attacks are becoming more sophisticated, exploiting the weaker security controls and higher trust levels associated with mobile browsing.

Client-side attacks occur directly on the user’s device — typically within their browser or mobile application — instead of on a server. C/side’s research, which analyzed compromised domains, autonomous crawling data, AI-powered script analysis, and behavioral tracking of third-party JavaScript dependencies, revealed a worrying trend. Cybercriminals are injecting malicious code into service workers and the Progressive Web App (PWA) logic embedded in popular WordPress themes. 

When a mobile user visits an infected site, attackers hijack the browser viewport using a full-screen iframe. Victims are then prompted to install a fake PWA, often disguised as adult content APKs or cryptocurrency apps, hosted on constantly changing subdomains to evade takedowns. These malicious apps are designed to remain on the device long after the browser session ends, serving as a persistent backdoor for attackers. 

Beyond persistence, these apps can harvest login credentials by spoofing legitimate login pages, intercept cryptocurrency wallet transactions, and drain assets through injected malicious scripts. Some variants can also capture session tokens, enabling long-term account access without detection. 

To avoid exposure, attackers employ fingerprinting and cloaking tactics that prevent the malicious payload from triggering in sandboxed environments or automated security scans. This makes detection particularly challenging. 

Mobile browsers are a favored target because their sandboxing is weaker compared to desktop environments, and runtime visibility is limited. Users are also more likely to trust full-screen prompts and install recommended apps without questioning their authenticity, giving cybercriminals an easy entry point. 

To combat these threats, c/side advises developers and website operators to monitor and secure third-party scripts, a common delivery channel for malicious code. Real-time visibility into browser-executed scripts is essential, as relying solely on server-side protections leaves significant gaps. 
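
As an added illustration that is not part of the c/side report or the original article, the following Python check audits a saved page snapshot for the indicators described above: script hosts outside an allowlist, a viewport-covering iframe, an off-site PWA manifest, and service worker registrations to review. The sample HTML, the host names and the allowlist are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed snapshot of a rendered page (illustrative, not from the report).
SAMPLE_HTML = """
<html><head>
<link rel="manifest" href="https://a1b2.cdn-example.invalid/app.webmanifest">
<script src="/wp-includes/js/jquery.min.js"></script>
<script src="https://analytics.example.com/tag.js"></script>
<script src="https://x9.cdn-example.invalid/loader.js"></script>
<script>navigator.serviceWorker.register('/wp-content/themes/demo/sw.js');</script>
</head><body>
<iframe src="https://x9.cdn-example.invalid/install"
        style="position:fixed; top:0; left:0; width:100vw; height:100vh; z-index:99999"></iframe>
<iframe src="https://video.example.com/embed/1" style="width:560px;height:315px"></iframe>
</body></html>
"""

FULL = {"100%", "100vw", "100vh"}  # sizes that cover the whole viewport


def _style(decl):
    """Parse an inline style attribute into a {property: value} dict."""
    out = {}
    for part in (decl or "").split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            out[key.strip().lower()] = value.strip().lower()
    return out


class SnapshotAudit(HTMLParser):
    """Collects (kind, detail) findings while parsing one page snapshot."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host
        self.allowed = set(allowed_hosts) | {page_host}
        self.findings = []
        self._in_inline_script = False

    def _host(self, url):
        # A relative URL has no hostname and is served by the page's own host.
        return urlparse(url).hostname or self.page_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_inline_script = "src" not in a
            if a.get("src") and self._host(a["src"]) not in self.allowed:
                self.findings.append(("unlisted-script", a["src"]))
        elif tag == "iframe":
            s = _style(a.get("style"))
            if (s.get("position") in ("fixed", "absolute")
                    and s.get("width") in FULL and s.get("height") in FULL):
                self.findings.append(("fullscreen-iframe", a.get("src", "")))
        elif tag == "link" and "manifest" in (a.get("rel") or "").lower().split():
            if self._host(a.get("href", "")) not in self.allowed:
                self.findings.append(("offsite-manifest", a.get("href", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        # A registration is not malicious by itself; it is reported so the
        # worker file can be compared with the theme's known-good copy.
        if self._in_inline_script:
            pattern = r"serviceWorker\s*\.\s*register\(\s*['\"]([^'\"]+)"
            for m in re.finditer(pattern, data):
                self.findings.append(("sw-register", m.group(1)))


def audit(html, page_host, allowed_hosts):
    """Return the findings for one snapshot, in document order."""
    parser = SnapshotAudit(page_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    hosts = {"analytics.example.com", "video.example.com"}
    for kind, detail in audit(SAMPLE_HTML, "shop.example.com", hosts):
        print(f"{kind:18} {detail}")
```

Running the audit against snapshots taken with a mobile user agent matters here, since the article notes that the payloads are cloaked from sandboxes and automated scans.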

End-users should remain vigilant when installing PWAs, especially those from unfamiliar sources, and treat unexpected login flows — particularly those appearing to come from trusted providers like Google — with skepticism. As client-side attacks continue to evolve, proactive measures on both the developer and user fronts are critical to safeguarding mobile security.

From Vibes to Ventures: How AI-First Startups Like Giggles Are Redefining the Rules of Entrepreneurship

 

In January, 18-year-old Justin Jin introduced Giggles — an AI-powered social entertainment app that has already drawn over 120,000 people to its waitlist and generated 150 million impressions. Remarkably, this momentum came without venture capital backing, a marketing budget, or a conventional engineering team. Instead, Jin and his young co-founders harnessed AI to create a platform for Gen Alpha and Gen Z, blending AI-generated content, digital collectibles, and gamified social experiences.

Soon after, another player emerged — Base44, founded by a non-technical creator who used AI to “vibe code” a no-code development tool. Within six months, with fewer than ten team members, it achieved profitability, reached 300,000 users, and sold to Wix for $80 million in cash, as reported by TechCrunch. Together, these companies highlight a new startup archetype: ventures driven not by traditional coding teams but by creativity, culture, and AI orchestration.

AI is enabling visionaries without computer-science backgrounds to build platform-level products. Still, doubts remain — can this model scale without deep engineering expertise? The concept of “vibe coding,” coined by Andrej Karpathy, encapsulates this trend: creating with AI by simply speaking ideas. “You fully give in to the vibes, embrace exponentials and forget that the code even exists,” Karpathy tweeted earlier this year.

Y Combinator CEO Garry Tan notes that many startups now generate up to 95% of their code through AI, achieving what once took teams of 50–100 engineers with fewer than ten people. But as Business Insider’s Alistair Barr observed, this shift is fundamentally altering SaaS economics while raising new risks. Nigel Douglas of Cloudsmith cautions that, in business, the wrong tool can cause serious issues like data breaches or outages.

GitHub CEO Thomas Dohmke echoed these concerns at VivaTech in Paris: “A non-technical founder will find it difficult to build a startup at scale without developers,” warning that vibe coding alone doesn’t provide the depth needed for serious investment. Even AI-native founders acknowledge the gaps. “There’s a need to build technical depth. We know that’s important and are expanding engineering operations and bringing on advisors,” said Edwin Wang, Giggles co-founder.

Jin’s earlier venture, Mediababy, sold for $3.8 million, influencing his belief that platforms should prioritize user expression over rigid structures. On Giggles, that vision materialized in a storytelling-driven, prompt-based creative hub where users engage with AI-generated videos, collectibles, and daily quests. “Creators aren’t limited to just posting photos and videos. They can vibe code a game, develop an app, create a whole virtual world and post it on Giggles,” added co-founder Matthew Hershoff.

The challenge for Giggles — and other AI-native ventures — lies in evolving from viral spark to sustainable infrastructure. While AI accelerates the early build phase, scaling securely and reliably demands engineering rigor. Jin’s team appears to understand this, with Wang acknowledging that “scaling creativity still requires coding discipline.”


Looking ahead, the likely winners will be “hybrid founders” — creatively driven, AI-fluent visionaries who bring in seasoned engineers to fortify their products. As Reid Hoffman puts it, “bringing AI into your toolkit makes you enormously attractive,” but sustaining an edge requires robust testing, review, and security practices.

Ultimately, vibe coding may define this era’s startup genesis, but endurance will come from structure, execution, and human judgment. Or, as Jin sums it up: “It’s not just about who can build fast. It’s about who can build something that lasts.”

Google Confirms Data Breach in Salesforce System Linked to Known Hacking Group

 



Google has admitted that some of its customer data was stolen after hackers managed to break into one of its Salesforce databases.

The company revealed the incident in a blog post on Tuesday, explaining that the affected database stored contact details and notes about small and medium-sized business clients. The hackers, a group known online as ShinyHunters and officially tracked as UNC6040, were able to access the system briefly before Google’s security team shut them out.

Google stressed that the stolen information was limited to “basic and mostly public” details, such as business names, phone numbers, and email addresses. It did not share how many customers were affected, and a company spokesperson declined to answer further questions, including whether any ransom demand had been made.

ShinyHunters is notorious for breaking into large organizations’ cloud systems. In this case, Google says the group used voice phishing (calling employees and tricking them into granting system access) to target its Salesforce environment. Similar breaches have recently hit other companies using Salesforce, including Cisco, Qantas, and Pandora.

While Google believes the breach’s immediate impact will be minimal, cybersecurity experts warn there may be longer-term risks. Ben McCarthy, a lead security engineer at Immersive, pointed out that even simple personal details, once in criminal hands, can be exploited for scams and phishing attacks. Unlike passwords, details such as names, dates of birth, and email addresses cannot be changed.

Google says it detected and stopped the intrusion before all data could be removed. In fact, the hackers only managed to take a small portion of the targeted database. Earlier this year, without naming itself as the victim, Google had warned of a similar case where a threat actor retrieved only about 10% of data before being cut off.

Reports suggest the attackers may now be preparing to publish the stolen information on a data leak site, a tactic often used to pressure companies into paying ransoms. ShinyHunters has been linked to other criminal networks, including The Com, a group known for hacking, extortion, and sometimes even violent threats.

Adding to the uncertainty, the hackers themselves have hinted they might leak the data outright instead of trying to negotiate with Google. If that happens, affected business contacts could face targeted phishing campaigns or other cyber threats.

For now, Google maintains that its investigation is ongoing and says it is working to ensure no further data is at risk. Customers are advised to stay alert for suspicious calls, emails, or messages claiming to be from Google or related business partners.

Pandora Admits Customer Data Compromised in Security Breach


 

Pandora, the world's largest jewellery brand, has long been a dominant force in the global fashion jewellery market. The luxury retailer is now one of a growing number of companies targeted by cybercriminals.

Pandora confirmed on August 5, 2025, that a cyberattack had hit a third-party platform used to store customer data. A Forbes report indicates that the breach involved unauthorised access to basic personal information, including customer names and email addresses. No passwords, credit card numbers, or other sensitive financial information were compromised, the company stressed.

In response to the incident, Pandora has taken steps to contain it, improved its security measures, and stated that at present no evidence suggests the stolen information has been leaked or misused. The breach at the Danish jewellery giant shows how supply chain dependencies can become a vulnerability that attackers exploit.

The incident, rather than being the result of a direct intrusion into Pandora's core infrastructure, has been traced back to a third-party vendor platform — a reminder of the vulnerability of external services, including customer relationship management tools and marketing automation systems, which can be used by hackers as gateways. 

Using this tactic, cybercriminals were able to gain unauthorised access to customer data. Cybercriminals often employ this tactic to facilitate secondary crimes such as phishing, identity theft, and targeted scams. This incident is part of a broader industry challenge, with organisations increasingly outsourcing critical functions while ignoring the security risks associated with these outsourcing agreements. 

Pandora has not revealed which third-party platform was involved; it has, however, confirmed that some of its customer information was accessed through it and that the company's core internal systems remained unaffected by the intrusion. According to the jewellery retailer, the intrusion was swiftly contained, and additional security measures have been put in place to prevent future attacks.

According to the investigation, only the most common types of data (the names, dates, and email addresses of customers) were copied, and there was no compromise of passwords, identity documents or financial information. Several researchers have noted that cybercriminals have been orchestrating social engineering campaigns targeting companies and their help desks since as far back as January 2025, often to obtain Salesforce credentials or trick staff into authorising malicious OAuth applications.

Pandora is not the only retailer affected. Chanel, the French fashion and cosmetics giant, also confirmed earlier this month a cyberattack perpetrated by the ShinyHunters extortion group, which reportedly targeted Salesforce applications on August 1 through a social media-based intrusion, causing significant disruption in the industry.

This latest incident comes at a time when the retail sector is facing an increasing number of cyberattacks. Over the last year, the UK retail sector has been hit by attacks on major brands such as M&S, Harrods, and The Co-op. A breach earlier this year that resulted in the theft of customer data led M&S to declare a loss of around £300 million in annual profit.

In recent years, retailers have become prime targets for sophisticated hackers because of the vast amounts of consumer information they collect for marketing purposes and the outdated security infrastructure they use. Many retailers have underinvested in cybersecurity resilience in their pursuit of speed, scale, and convenience, a gap that well-organised threat actors such as Scattered Spider are exploiting.

Cybersecurity expert Christoph Cemper advised Pandora customers to remain vigilant against potential phishing emails, warning that such attacks can lead to the theft of sensitive information or financial losses if recipients click malicious links or download harmful attachments. Pandora reaffirmed its commitment to data protection. Cemper, however, emphasised that retailers must adopt more proactive measures to safeguard customer information.

Pandora stressed that the incident involved only “very common types of customer data”, including names and e-mail addresses, and that passwords, payment information, and other sensitive details were not compromised.

Following its investigation, the company stated that no evidence of misuse of the stolen data was found, but it advised customers to remain vigilant, especially when they receive unsolicited emails or online requests for personal information. In its warning to customers, Pandora advised them not to click on unfamiliar links or download attachments from unverified sources.

Pandora did not specify who was responsible for the intrusion, how the hack was executed, or how many people had been affected. Nonetheless, security researchers have been able to link the incident to the ShinyHunters group, which is said to have targeted corporate Salesforce databases with various social engineering and phishing techniques since January 2025. 

Several members of this group claim that they will "perform a mass sale or leak" of data from companies unwilling to comply with ransom demands. Salesforce, for its part, says its own platform has not been compromised. Its statement attributed these breaches instead to increasingly sophisticated phishing and social engineering attacks, reiterating that customers are responsible for safeguarding their own data.

Today's interconnected retail environment serves as a reminder that cyber risks are no longer confined to a company's own network perimeter but extend across its wider digital footprint. The lines between internal and external security responsibilities are blurring as attackers increasingly exploit vulnerabilities in third-party platforms, social engineering tactics, and overlooked digital entry points.

The stakes for global brands are not limited to immediate disruption to operations; consumer trust, brand reputation, and regulatory scrutiny are also on the line. Cybersecurity experts agree that a holistic approach is now needed to mitigate cyberattacks, combining rigorous vendor risk assessments, continuous employee training, advanced threat detection, and resilient incident response frameworks.

In an industry as exposed to cyberattacks as luxury retail, Pandora's experience demonstrates an increasingly common imperative: proactive defences are no longer optional but essential for safeguarding customer relationships online and protecting digital assets.

Quantum Broadens Distribution Reach in Asia-Pacific Region

 

Quantum Corporation Expands Asia-Pacific Distribution Network to Accelerate Growth

Quantum Corporation (NASDAQ: QMCO) announced a strategic expansion of its distribution network across high-growth Asia-Pacific markets including China, India, Taiwan, and the ASEAN region. This initiative reflects the company's commitment to capturing increased demand for advanced data protection and management solutions, particularly as artificial intelligence, machine learning, and unstructured data continue to reshape organizational operations.

Strategic partnership framework

The expansion involves exclusive distribution agreements with four established regional leaders, each bringing specialized expertise and market knowledge. ChangHong IT (CHIT) will handle distribution in China, while Rashi Peripherals Limited takes charge of the Indian market. For Taiwan, Hibino Graphics Corporation (formerly NGC) serves as the distributor, and ACA Pacific manages the broader ASEAN region. These partners were selected for their deep local market understanding, established customer relationships, and technical alignment with Quantum's solutions. 

The new distribution model aims to significantly improve customer experience through several key enhancements. Extended local service and support coverage ensures customers receive timely assistance in their native regions. The framework also enables faster delivery times by reducing logistical complexities and maintaining regional inventory. Additionally, customers will benefit from tailored technical support that addresses specific regional requirements and industry needs. 

Market context and positioning 

This expansion comes at a critical time when the Asia-Pacific quantum computing market is experiencing remarkable growth, with projections showing a compound annual growth rate of 38.2% through 2032. The region's governments are making substantial investments in quantum technologies, with countries like China, Japan, and Singapore establishing themselves as quantum research hubs. Rob Hilligoss, head of APAC sales for Quantum, emphasized that this strategic move represents "a pivotal chapter in Quantum's APAC strategy" designed to deliver transformative data solutions across industries and borders.

Implementation and company background 

The new channel model became effective immediately upon announcement, demonstrating Quantum's urgency in capitalizing on market opportunities. Each regional distributor will spearhead go-to-market strategies, invest in sales and marketing initiatives, and collaborate closely with Quantum to provide comprehensive customer support within their territories. 

With over four decades of experience in data management, Quantum specializes in solutions designed for the AI era. The company serves leading organizations across life sciences, government, media and entertainment, research, and industrial technology sectors. Their comprehensive data platform enables customers to maximize value from unstructured data, providing everything from high-performance data ingestion for AI applications to massive data lakes that fuel AI model development. 

However, the company faces financial challenges, with recent data showing an 18.16% revenue decline over the past twelve months and a market capitalization of $56.92 million. This strategic expansion into high-growth Asian markets represents a crucial opportunity for Quantum to reverse these trends and capitalize on the region's rapidly expanding technology sector.

Cloudflare Accuses AI Startup Perplexity of Bypassing Web Blocking Measures

 





Cloudflare has accused artificial intelligence company Perplexity of using hidden tactics to bypass restrictions designed to stop automated bots from collecting website data.

In a statement published Monday, Cloudflare said it had received multiple complaints from its customers claiming that Perplexity was still able to view and collect information from their sites, even though they had taken steps to block its activity. These blocks were implemented through a robots.txt file, a common tool that tells search engine bots which parts of a website they can or cannot access.

According to Cloudflare’s engineers, testing confirmed that Perplexity’s official crawler, the automated system responsible for scanning and indexing web content, was being blocked as expected. However, the company claims Perplexity was also using other, less obvious methods to gain access to pages where it was not permitted.

As a result, Cloudflare said it has removed Perplexity from its list of verified bots and updated its own security rules to detect and block what it called “stealth crawling.” The company stressed that trustworthy crawlers should operate transparently, follow site owner instructions, and clearly state their purpose.

This dispute comes shortly after Cloudflare introduced new tools allowing website operators to either block AI crawlers completely or charge them for access. The move is part of a broader debate over how AI firms gather the large amounts of online data needed to train their systems.

When contacted by media outlets, Perplexity did not respond immediately. Later, company spokesperson Jesse Dwyer told TechCrunch that Cloudflare’s claims were exaggerated, describing the blog post as a “sales pitch.” Dwyer also argued that Cloudflare’s screenshots showed no actual data collection, and that one of the bots mentioned “isn’t even ours.”

Perplexity went further in its own blog post, criticizing Cloudflare’s actions as “embarrassing” and “disqualifying.”

The AI company has faced similar accusations before. Earlier this year, the BBC threatened legal action against Perplexity over claims it had copied its content without permission. Perplexity is one of several AI companies caught up in disputes over online data scraping, though some media organizations have instead chosen to sign licensing agreements with AI firms, including Perplexity.

As the tension between AI data gathering and online privacy grows, this case underscores the increasing push from technology infrastructure providers like Cloudflare to give site owners more control over how, and whether, AI systems can collect their content.

NZTA Breach Results in Vehicle Theft, User Data Compromise


Data compromise leads to targeted motor theft

A privacy breach has exposed the details of an estimated 1000 people held in a transport agency's database over the past year. According to the agency, 13 vehicles were targeted for theft as a result of the breach. The problem was in the agency’s Motocheck system, which lets users access information stored on the Motor Vehicle Register (MVR).

User account compromise led to unauthorized access

According to the NZTA, it became aware of the attack in May 2025 when a customer complained, and also through the police as part of an investigation. NZTA found that the unauthorized access came from the Motocheck account of a former employee of Auckland Auto Collections LTD. The threat actor used the compromised account to access people’s personal information, such as names and addresses, from the MVR.

"To date, we have determined that names and addresses of 951 people were accessed improperly over the 12 months to May 2025, and that at least 13 of these vehicles are suspected to have been targeted for theft," NZTA said in a statement. 

NZTA assisting affected customers

The agency contacted affected customers to help them deal with the breach, updated them on the measures taken to address the incident, and offered support and assistance with their concerns.

"We have sincerely apologised to those affected for the inconvenience and distress caused by the breach," it said. NZTA is also assisting police in their investigations of the incident and the vehicles that were targeted for theft. NZTA also informed the Office of the Privacy Commissioner. The agency’s systems aim to protect people’s privacy.

NZTA claims that "work is underway to improve the protection of personal information within our registers, with a priority to address risks of harm. This work will involve improvements across policy, contractual, operational, and digital aspects of register access." A customer impacted by the incident was informed by the agency that their name and address were stolen last year.

NZTA said that they "have been unable to confirm the reason why your name and address were accessed. If you feel that your safety is at risk, we encourage you to contact NZ Police directly."