
UK Digital ID Faces Security Crisis Ahead of Mandatory Rollout

 

The UK’s digital ID system, known as One Login, triggered major controversy in 2025 due to serious security vulnerabilities and privacy concerns, leading critics to liken it to the infamous Horizon scandal. 

One Login is a government-backed identity verification platform designed for access to public services and private sector uses such as employment verification and banking. Despite government assurances around its security and user benefits, public confidence plummeted amid allegations of cybersecurity failures and rushed implementation planned for November 18, 2025.

Critics, including MPs and cybersecurity experts, revealed that the system failed critical red-team penetration tests, with hackers gaining privileged access during simulated cyberattacks. Further concerns arose over development practices, with portions of the platform built by contractors in Romania on unsecured workstations without adequate security clearance. The government missed security deadlines, with full compliance expected only by March 2026—months after the mandatory rollout began.

This “rollout-at-all-costs” approach amidst unresolved security flaws has created a significant trust deficit, risking citizens’ personal data, which includes sensitive information like biometrics and identification documents. One Login collects comprehensive data, such as name, birth date, biometrics, and a selfie video for identity verification. This data is shared across government services and third parties, raising fears of surveillance, identity theft, and misuse.

The controversy draws a parallel to the Horizon IT scandal, where faulty software led to wrongful prosecutions of hundreds of subpostmasters. Opponents warn that flawed digital ID systems could cause similar large-scale harms, including wrongful exclusions and damaged reputations, undermining public trust in government IT projects.

Public opposition has grown, with petitions and polls showing more people opposing digital ID than supporting it. Civil liberties groups caution against intrusive government tracking and call for stronger safeguards, transparency, and privacy protections. The Prime Minister defends the program as a tool to simplify life and reduce identity fraud, but critics label it expensive, intrusive, and potentially dangerous.

In conclusion, the UK’s digital ID initiative stands at a critical crossroads, facing a crisis of confidence and comparisons to past government technology scandals. Robust security, oversight, and public trust are imperative to avoid a repeat of such failures and ensure the system serves citizens without compromising their privacy or rights.

Security Researchers at Proton Warn of Massive Credential Exposure


 

Data is becoming the most coveted commodity in the ever-growing digital underworld, and it is being traded at an alarming rate. In a recent investigation conducted by Proton, it has been revealed that there are currently more than 300 million stolen credentials circulating across dark web marketplaces, demonstrating how widespread cybercrime is. 

According to Proton's Data Breach Observatory, which continuously monitors illicit online forums for evidence of data compromise, a global cybersecurity crisis is unfolding. In 2025 the Observatory has recorded 794 confirmed breach incidents; aggregating these incidents brings the total to 1,571, amounting to millions of records exposed to the public.

One of the more troubling findings is the pattern of targeting small and medium-sized businesses, which cybercriminals have increasingly singled out. Over half of all breaches were recorded at companies with between 10 and 249 employees, while 23% of breaches occurred in micro businesses with fewer than 10 employees.

This report highlights a growing truth about the digital age: while businesses race to innovate and expand online, threat actors are evolving just as quickly. As a result, the vast internet architecture has become a thriving market for stolen identities and corporate secrets.

Many organisations still keep security breaches hidden, reluctant to disclose them for fear of reputational damage, financial loss, or regulatory scrutiny, which leaves the true extent of cybercrime largely out of public view. With its latest initiative, Proton hopes to break that silence by tracking the threat to its source: the underground marketplaces that openly sell stolen credentials and personal data.

In doing so, Proton continues its mission of fostering a safer, more private internet. The Data Breach Observatory extends the Proton VPN Observatory, which monitors government-imposed internet restrictions and VPN censorship around the world, to tracking cybercrime in the form of data breaches.

Built in collaboration with Constella Intelligence, the observatory constantly scans the dark web for new breaches, analysing the types of data compromised, including passwords, personal identifiers, and financial records, and the number of accounts affected.

Through real-time monitoring, Proton can alert victims as soon as a breach occurs, sometimes even before the breached organisation realises it is happening. The Proton platform provides transparent, publicly accessible insights into these security breaches, which are aimed at both educating users about the magnitude of the threat and discouraging organisations from concealing their security shortcomings. 

Responsible disclosure sits at the heart of the initiative: affected entities are informed before any public announcement about an incident. In an era defined by data theft and corporate secrecy, Proton's proactive approach serves as a countermeasure, turning dark web intelligence into actionable preventative measures.

With this initiative, the company not only reveals the hidden mechanics of cybercrime but also strengthens its reputation as a pioneer in digital transparency and user empowerment, giving businesses and individuals a better understanding of the shadowy forces shaping today's cybersecurity landscape and the risks that come with them.

In its latest research, Proton offers a sobering assessment of the escalating cost of cybercrime to smaller businesses: an estimated four out of five small businesses have been affected by data breaches in recent months, and these attacks have often resulted in losses exceeding one million dollars.

Amid the growing crisis around data breaches, the Data Breach Observatory was established to identify breaches that often remain hidden until significant damage has been done. Proton constantly scans the dark web marketplaces where stolen credentials are traded, delivering early warnings about potential breaches so that organisations can protect their data before attackers can exploit it further.

These investigations uncovered a wide range of personal and financial details, including names, dates of birth, email addresses, passwords, and physical contact information.

Almost all of these breaches exposed social security numbers, bank credentials, and IBAN details, a combination that creates an extremely high likelihood of identity theft and financial fraud.

The observatory has recorded several high-profile incidents in 2025, such as the Qantas Airways breach in October, which exposed more than 11.8 million customer records; Allianz Life Germany in September, with more than one million compromised accounts; and the U.S. tech firm Tracelo, with 1.4 million records breached earlier this year, while breaches at the French company Free Telecom and the Indian company SkilloVilla exposed 19 million and 33 million records respectively, underscoring the global nature of the threat.

Security experts have long stressed multi-factor authentication and strong password management as essential defences against credential-based attacks. Proton reiterates this advice, urging businesses to regularly monitor their credentials for leaks and to reset passwords as soon as suspicious activity is detected.

Through its publicly accessible observatory platform, the company enables businesses to verify whether their data has been compromised, a critical step toward minimising the damage before cybercriminals can weaponise the stolen data.

Proton's Data Breach Observatory confirms the need for stronger global security awareness and proactive cybersecurity practices. Beyond the observatory's role as a crucial alert system, experts emphasise that prevention is the best form of protection when securing information online.

The Observatory stresses the importance of layered security strategies, including Virtual Private Networks (VPNs) that safeguard online communications and reduce the risk of interception even when users' data has been compromised. Proton's own VPN, built on end-to-end encryption and the company's signature Secure Core architecture, routes traffic through multiple servers in privacy-friendly jurisdictions, masking users' IP addresses and shielding their digital identities from cybercriminals and prying eyes.

Thanks to this infrastructure, the observatory can keep monitoring the dark web while personal information remains encrypted and protected from the criminal networks it watches. Beyond technical solutions, Proton and cybersecurity experts alike emphasise a set of foundational best practices for individuals and organisations that want to strengthen their defences.

The best way to protect online accounts is to enable multi-factor authentication (MFA), widely recognised as the most effective method of preventing credential theft, and to use a password manager to keep a secure password for every online account. For regular breach monitoring, Proton's observatory platform can provide timely alerts whenever credentials are discovered in leaked databases.
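The breach-monitoring advice above raises an implementation question: how can a service check whether a credential appears in leaked data without itself becoming a plaintext password dump, and without the client sending the full secret? The following added example (not Proton's code, and not how its observatory is built) shows the k-anonymity range-query pattern, the same model the Have I Been Pwned Pwned Passwords API uses: the client sends only the first five hex characters of the SHA-1 hash, the server returns every stored suffix in that bucket, and the comparison happens locally. The leaked corpus and the password-change requests are constructed for the demo.

```python
import hashlib

# Constructed sample corpus standing in for a leaked-password dataset of the
# kind found on dark web markets. These are well-known weak strings, not real
# breach data; "password" appears twice to show duplicates collapse.
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Summer2025!", "password"]

PREFIX_LEN = 5  # first 5 hex chars of SHA-1 (20 bits), so roughly a million buckets


def sha1_hex(secret: str) -> str:
    """Upper-case hex SHA-1 of the secret, the digest range-query services key on."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: bucket leaked hashes by prefix, keeping only the suffixes.

    The index never stores the plaintext, so the monitoring service does not
    itself become a plaintext password dump if it is compromised.
    """
    index: dict[str, set[str]] = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def range_query(index, prefix: str) -> set[str]:
    """Server side: answer a k-anonymity range query.

    The client reveals only a hash prefix; the server returns every suffix in
    that bucket and cannot tell which one (if any) the client actually holds.
    """
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be %d upper-case hex chars" % PREFIX_LEN)
    return set(index.get(prefix, set()))


def is_exposed(index, candidate: str) -> bool:
    """Client side: check a candidate secret without sending it or its full hash."""
    digest = sha1_hex(candidate)
    return digest[PREFIX_LEN:] in range_query(index, digest[:PREFIX_LEN])


def screen_password_changes(index, requests):
    """Policy hook for a password-change or login flow.

    `requests` is an iterable of (account, candidate_password). Returns the
    accounts whose chosen secret already appears in the leak corpus and must be
    sent back to pick another one, mirroring the 'reset as soon as exposure is
    detected' advice.
    """
    return [account for account, pw in requests if is_exposed(index, pw)]


if __name__ == "__main__":
    index = build_range_index(LEAKED_PASSWORDS)
    # Constructed password-change requests for the demo.
    flagged = screen_password_changes(index, [
        ("alice@example.test", "Summer2025!"),
        ("bob@example.test", "r7&Vq!m2Lp9#xTzW"),
    ])
    for account in flagged:
        print("ALERT: %s chose a password present in leaked data" % account)
```

The prefix length is the privacy knob: a shorter prefix hides the client's hash among more candidates at the cost of a larger response. In a real deployment the suffix sets would also carry occurrence counts so that a password seen in many dumps can be rejected more forcefully than one seen once.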

Beyond fostering cybersecurity awareness among employees, companies should also create an incident response plan, enforce the principle of least privilege, and make sure that each role can access only the systems essential to it. More advanced strategies, including network segmentation and enterprise-grade identity and access management (IAM) tools such as Privileged Access Management (PAM), can further contain threats and protect critical infrastructure.

These recommendations reflect the fact that credential theft often starts from exploited software vulnerabilities or weak configurations. An unpatched flaw, such as an exposed API endpoint or a broken authentication mechanism, can open the door to brute-force or session hijacking attacks.

Proton's findings are not linked to any specific vulnerability identifier, but they indicate that many systemic weaknesses still facilitate large-scale credential theft across industries. By patching in a timely manner and implementing strict configuration management, businesses can significantly reduce the chances of attackers gaining access to their networks.

Proton's research, however, goes well beyond delivering a warning: it calls for action. The number of compromised accounts on dark web markets has grown by more than 300 million, and we cannot afford complacency. The study underscores that protecting data is not merely a matter of technology but of proactive cyber hygiene and continuous vigilance.

The message Proton emphasises is clear: when data is both a commodity and a target, the key to digital safety lies in proactive defence, informed awareness, and collective responsibility. As the digital landscape grows ever more complex, Proton's findings are a powerful reminder that cybersecurity is not a one-time investment but an ongoing commitment.

Organisations that keep their employees informed and trained about cyber threats are better prepared for the next wave of attacks. Measures such as encrypting infrastructure, conducting regular security audits, and continuously performing vulnerability assessments can significantly reduce exposure, while collaboration between cybersecurity researchers and private firms can strengthen collective defences.

Even though stolen data fuels a thriving underground economy in today's cyber world, the most effective defences against cybercrime remain vigilance and informed action.

Deepfake of Finance Minister Lures Bengaluru Homemaker into ₹43.4 Lakh Trading Scam




A deceptive social media video that appeared to feature Union Finance Minister Nirmala Sitharaman has cost a Bengaluru woman her life’s savings. The 57-year-old homemaker from East Bengaluru lost ₹43.4 lakh after being persuaded by an artificial intelligence-generated deepfake that falsely claimed the minister was recommending an online trading platform promising high profits.

Investigators say the video, which circulated on Instagram in August, directed viewers to an external link where users were encouraged to sign up for investment opportunities. Believing the message to be authentic, the woman followed the link and entered her personal information, which was later used to contact her directly.

The next day, a man identifying himself as Aarav Gupta reached out to her through WhatsApp, claiming to represent the company shown in the video. He invited her to a large WhatsApp group titled “Aastha Trade 238”, which appeared to host over a hundred participants discussing stock trades. Another contact, who introduced herself as Meena Joshi, soon joined the conversation, offering to help the victim learn how to use the firm’s trading tools.

Acting on their guidance, the homemaker downloaded an application called ACSTRADE and created an account. Meena walked her through the steps of linking her bank details, assuring her that the platform was reliable. The first transfer of ₹5,000 was made soon after, and to her surprise, the app began displaying what looked like real profits.

Encouraged by what appeared to be rapid returns, she made larger investments. The application showed her initial ₹1 lakh growing into ₹2 lakh, and a later ₹5 lakh transfer seemingly yielding ₹8 lakh. The visual proof of profit strengthened her trust, and she kept transferring higher amounts.

In September, problems surfaced. While exploring an “IPO feature” on the app, she tried to exit but was unable to do so due to recurring technical errors. When she sought help, Meena advised her to continue investing to prevent losses. The woman followed this advice, transferring a total of ₹23 lakh in hopes of recovering her funds.

Once her savings were exhausted, the scammers proposed a loan option within the same app, claiming it would help her maintain her trading record. When she attempted to withdraw money, the platform denied the request, displaying a message stating her loan account was still active. Believing the issue could be resolved with more funds, she pawned her gold jewellery at a bank and a finance company, wiring additional money to the fraudsters.

By late October, her total transfers had reached ₹43.4 lakh across 13 separate transactions between September 24 and October 27. The deception came to light only when her bank froze her account on November 1, alerting her that unusual activity had been detected.

The East Cybercrime Police Station has since registered a case under the Information Technology Act and Section 318 of the Bharatiya Nyaya Sanhita, which addresses cheating. Officers confirmed that the fraudulent video used sophisticated AI tools to mimic the minister’s voice and gestures convincingly, making it difficult for untrained viewers to identify as fake.

Police officials have urged the public to remain alert to deepfake-driven scams that exploit public trust in well-known personalities. They advise verifying any financial offer through official government portals or trusted news sources, and to avoid clicking unfamiliar links on social media.

Experts warn that such crimes signal a new wave of cyber fraud in which manipulated media is used to build false credibility. Citizens are advised never to disclose personal or banking information through unverified links, and to immediately report suspicious investment schemes to their banks or local cybercrime authorities.



Akira Ransomware Claims 23GB Data Theft in Alleged Apache OpenOffice Breach

 

The Akira ransomware group has reportedly claimed responsibility for breaching Apache OpenOffice, asserting that it stole 23 gigabytes of sensitive internal data from the open-source software foundation. 

The announcement was made on October 29 through Akira’s dark web leak site, where the group threatened to publish the stolen files if its ransom demands were not met. Known for its double-extortion tactics, Akira typically exfiltrates confidential data before encrypting victims’ systems to increase pressure for payment. 

Apache OpenOffice, a long-standing project under the Apache Software Foundation, provides free productivity tools that rival commercial platforms such as Microsoft Office. Its suite includes Writer, Calc, Impress, Draw, Base, and Math, and it supports more than 110 languages across major operating systems. The software is widely used by educational institutions, small businesses, and individuals around the world. 

Despite the severity of the claims, early reports indicate that the public download servers for OpenOffice remain unaffected, meaning users’ software installations are currently considered safe. 

Details of the Alleged Breach 

According to Akira’s post, the data set includes personal details of employees such as home addresses, phone numbers, birth dates, driver’s licenses, Social Security numbers, and credit card information. The hackers also claim to have financial documents, internal communications, and detailed technical reports related to application bugs and development work. 

In their online statement, the group said, “We will upload 23 GB of corporate documents soon,” implying the data could soon be released publicly. As of November 1, the Apache Software Foundation has not confirmed or denied the breach. Representatives have declined to comment, and independent investigators have not yet verified the authenticity of the stolen data. 

Experts caution that, if genuine, the leak could expose staff to identity theft and phishing attacks. However, the open-source nature of the software itself likely limits risks to the product’s source code. 

Akira’s Growing Threat 

Akira emerged in March 2023 and operates as a ransomware-as-a-service network, offering its tools to affiliates in exchange for a share of the profits. The group has executed hundreds of attacks across North America, Europe, and Asia, reportedly extorting tens of millions of dollars from victims. Akira’s malware variants target both Windows and Linux systems, including VMware ESXi environments. 

In some cases, the hackers have even used compromised webcams for added intimidation. The group communicates in Russian on dark web forums and is known to avoid attacking computers configured with Russian-language keyboards. 

The alleged Apache OpenOffice incident comes amid a surge in ransomware attacks on open-source projects. Security experts are urging volunteer-based organizations to adopt stronger defenses, better data hygiene, and more robust incident response protocols. 

Until the claim is verified or disproved, users and contributors to Apache OpenOffice are advised to stay alert for suspicious activity and ensure that backups are secure and isolated from their main systems.

TRAI Approves Caller Name Display Feature to Curb Spam and Fraud Calls

 

The Telecom Regulatory Authority of India (TRAI) has officially approved a long-awaited proposal from the Department of Telecommunications (DoT) to introduce a feature that will display the caller’s name by default on the receiver’s phone screen. Known as the Calling Name Presentation (CNAP) feature, this move is aimed at improving transparency in phone communications, curbing the growing menace of spam calls, and preventing fraudulent phone-based scams across the country. 

Until now, smartphone users in India have relied heavily on third-party applications such as Truecaller and Bharat Caller ID for identifying incoming calls. However, these apps often depend on user-generated databases and unverified information, which may not always be accurate. TRAI’s newly approved system will rely entirely on verified details gathered during the SIM registration process, ensuring that the name displayed is authentic and directly linked to the caller’s government-verified identity. 

According to the telecom regulator, the CNAP feature will be automatically activated for all subscribers across India, though users will retain the option to opt out by contacting their telecom service provider. TRAI explained that the feature will function as a supplementary service integrated with basic telecom offerings rather than as a standalone service. Every telecom operator will be required to maintain a Calling Name (CNAM) database, which will map subscribers’ verified names to their registered mobile numbers. 

When a call is placed, the receiving network will search this CNAM database through the Local Number Portability Database (LNPD) and retrieve the verified caller’s name in real-time. This name will then appear on the recipient’s screen, allowing users to make informed decisions about whether to answer the call. The mechanism aims to replicate the caller ID functionality offered by third-party apps, but with government-mandated accuracy and accountability. 

Before final approval, the DoT conducted pilot tests of the CNAP system across select cities using 4G and 5G networks. The trials revealed several implementation challenges, including software compatibility issues and the need for network system upgrades. As a result, the initial testing was primarily focused on packet-switched networks, which are more commonly used for mobile data transmission than circuit-switched voice networks.  

Industry analysts believe the introduction of CNAP could significantly enhance consumer trust and reshape how users interact with phone calls. By reducing reliance on unregulated third-party applications, the feature could also help improve data privacy and limit exposure to malicious data harvesting. Additionally, verified caller identification is expected to reduce incidents of spam calls, phishing attempts, and impersonation scams that have increasingly plagued Indian users in recent years.  

While TRAI has not announced an official rollout date, telecom operators have reportedly begun upgrading their systems and databases to accommodate the CNAP infrastructure. The rollout is expected to be gradual, starting with major telecom circles before expanding nationwide in the coming months. Once implemented, CNAP could become a major step forward in digital trust and consumer protection within India’s rapidly growing telecommunications ecosystem. 

By linking phone communication with verified identities, TRAI’s caller name display feature represents a significant shift toward a safer and more transparent mobile experience. It underscores the regulator’s ongoing efforts to safeguard users against fraudulent activities while promoting accountability within India’s telecom sector.

CISA Warns: Linux Kernel Flaw Actively Exploited in Ransomware Attacks

 

A critical Linux kernel vulnerability (CVE-2024-1086) is now actively exploited in ransomware attacks, according to a recent update from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). First publicly disclosed on January 31, 2024, the flaw stems from a decade-old code commit to the netfilter nf_tables kernel component and was patched early in 2024.

However, the exploit—which allows attackers with local access to escalate privileges and gain root control over affected systems—remains a severe threat for systems running kernel versions from 3.15 to 6.8-rc1, affecting prominent distributions like Debian, Ubuntu, Fedora, and Red Hat.

CISA’s latest advisory confirms the vulnerability is leveraged in live ransomware campaigns but doesn’t provide detailed incident counts or victim breakdowns. The agency added CVE-2024-1086 to its Known Exploited Vulnerabilities (KEV) catalog in May 2024, mandating federal agencies patch by June 20, 2024 or implement mitigations. These mitigations include blocklisting ‘nf_tables’ if not in use, restricting user namespace access to shrink the attack surface, and optionally deploying the Linux Kernel Runtime Guard (LKRG)—though the latter may introduce instability.
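To make the mitigations listed above checkable rather than just a reading exercise, here is an added example (not CISA's tooling and not from the article) that audits a host's facts against them: is the kernel version inside the 3.15 to 6.8-rc1 range the article gives, is nf_tables blocked in modprobe.d, and are unprivileged user namespaces disabled. The version parser accepts both upstream strings and distro `uname -r` output; the sysctl names `user.max_user_namespaces` (upstream) and `kernel.unprivileged_userns_clone` (Debian/Ubuntu specific) are real, and the host facts in the demo are constructed.

```python
import re

# Affected range as stated in the article: kernels 3.15 through 6.8-rc1.
AFFECTED_LOW = "3.15"
AFFECTED_HIGH = "6.8-rc1"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def kernel_key(version: str):
    """Turn a kernel version string into a sortable tuple.

    Handles upstream forms ("6.7.5", "6.8-rc1") and distro forms such as
    "5.15.0-91-generic" from `uname -r`. A -rcN pre-release sorts before the
    final release of the same number, which is what keeps "6.8" outside a
    range that ends at "6.8-rc1".
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised kernel version: %r" % version)
    major, minor, patch, rc = m.groups()
    release = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch or 0)) + release


def kernel_affected(version: str) -> bool:
    """True if the version number lies in the range the advisory names.

    This is a version-only check: a distribution may have backported the fix
    under an older version string, so a hit flags a host for review rather
    than proving exploitability. The vendor advisory remains authoritative.
    """
    return kernel_key(AFFECTED_LOW) <= kernel_key(version) <= kernel_key(AFFECTED_HIGH)


def nf_tables_blocked(modprobe_conf: str):
    """Inspect modprobe.d text for the nf_tables blocklist mitigation.

    Returns "hard" for an `install nf_tables /bin/false` (or /bin/true) line,
    which stops the module loading even on explicit request; "soft" for a bare
    `blacklist nf_tables` line, which only stops alias-based autoloading; and
    None when neither is present.
    """
    hard = re.compile(r"^\s*install\s+nf_tables\s+/bin/(false|true)\s*$")
    soft = re.compile(r"^\s*blacklist\s+nf_tables\s*$")
    result = None
    for line in modprobe_conf.splitlines():
        if hard.match(line):
            return "hard"
        if soft.match(line):
            result = "soft"
    return result


def userns_restricted(sysctls: dict) -> bool:
    """True if unprivileged user namespaces are disabled via sysctl.

    Either the upstream `user.max_user_namespaces=0` or the Debian/Ubuntu
    specific `kernel.unprivileged_userns_clone=0` counts.
    """
    return (
        int(sysctls.get("user.max_user_namespaces", -1)) == 0
        or int(sysctls.get("kernel.unprivileged_userns_clone", -1)) == 0
    )


def audit(kernel_version: str, modprobe_conf: str, sysctls: dict):
    """Combine the checks into a list of findings; an empty list means nothing to do."""
    findings = []
    if kernel_affected(kernel_version):
        findings.append("kernel %s is in the affected range; confirm the vendor patch is applied" % kernel_version)
        if nf_tables_blocked(modprobe_conf) != "hard":
            findings.append("nf_tables is not hard-blocked in modprobe.d (apply if the module is unused)")
        if not userns_restricted(sysctls):
            findings.append("unprivileged user namespaces are still enabled")
    return findings


if __name__ == "__main__":
    # Constructed host facts for the demo; on a live host read `uname -r`,
    # /etc/modprobe.d/*.conf and `sysctl -a` instead.
    for finding in audit("5.15.0-91-generic", "# no blocklist entries\n", {"user.max_user_namespaces": 15000}):
        print("FINDING:", finding)
```

Note the distinction the `nf_tables_blocked` helper draws: `blacklist` alone only suppresses autoloading by alias, so a dependency or an explicit `modprobe` still loads the module; the `install nf_tables /bin/false` form is the one that actually denies loading. Disabling user namespaces removes the unprivileged route to the vulnerable code, but it also breaks rootless containers and some sandboxes, which is why it sits behind the "if not in use" qualifier.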

Security experts and community commentators highlight both the significance and scope of the risk. The flaw enables threat actors to achieve root-level system takeover—compromising defenses, altering files, moving laterally within networks, and exfiltrating sensitive data. 

Its effects are especially critical in server and enterprise contexts (where vulnerable kernel versions are widely deployed) rather than typical desktop Linux environments. For context, a security researcher known as 'Notselwyn' published a proof-of-concept exploit in March 2024 that clearly demonstrates effective privilege escalation on kernel versions 5.14 through 6.6, broadening attack feasibility for cybercriminals.

Immutability in Linux distributions (such as ChromeOS, Fedora Kinoite) is noted as a partial defense, limiting exploit persistence but not fully mitigating in-memory or user-data targeting attacks. CISA stresses following vendor-specific instructions for mitigation and, where remedies are unavailable, discontinuing product use for guaranteed safety. 

Community debate also reflects persistent frustration at slow patch adoption and challenges in keeping kernels up to date across varied deployment environments. The ongoing exploitation—as confirmed by CISA—underscores the critical need for timely patching, rigorous access controls, and awareness of Linux privilege escalation risks in the face of escalating ransomware threats.
